www.xxxfiles.com/videos/145998/a7195687f4fba01f71d35a3d1e5ee304/?sid=12320
104.21.90.43301 Moved Permanently 0 B URL HTTP/1.1 www.xxxfiles.com/videos/145998/a7195687f4fba01f71d35a3d1e5ee304/?sid=12320
IP 104.21.90.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /videos/145998/a7195687f4fba01f71d35a3d1e5ee304/?sid=12320 HTTP/1.1
Host: www.xxxfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 07:56:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 28 Jan 2023 08:56:05 GMT
Location: https://www.xxxfiles.com/videos/145998/a7195687f4fba01f71d35a3d1e5ee304/?sid=12320
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WicL3frZ1JUfuGWQtRIlaryqesJ25r4QgLc9JY%2B0FriK4wtBUYyDC5hBxigmjLHS%2Ff1DDSXDHmVSEz678VaubGSNxp%2Fu56sJDPr2ikJm9v6yDX3zWbPbyfwxeH1USdMBUb%2Ff"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79082b66fdcdb500-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12735
Expires: Sat, 28 Jan 2023 11:28:20 GMT
Date: Sat, 28 Jan 2023 07:56:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15817
Expires: Sat, 28 Jan 2023 12:19:42 GMT
Date: Sat, 28 Jan 2023 07:56:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10062
Expires: Sat, 28 Jan 2023 10:43:47 GMT
Date: Sat, 28 Jan 2023 07:56:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 07:43:04 GMT
content-type: application/json
age: 781
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: O9JvDEtuTXm0aSbN4dubO//LOupv9PPKHlilffldyp1UwZiEDfG4NBzCcrqADTNlHPDrZTcgPRo=
x-amz-request-id: FHY1TD2MZS8GPH34
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 07:49:47 GMT
age: 378
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 45995b6cc86c357513a219ba523475e2
f0b77af95885eb8b19201d8f772a7e067c6ee717
6828bf1773bdf9b26c958083ecc97c667abd47229cfcb46c157a64bb270599c7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 288
Cache-Control: max-age=87352
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:05 GMT
Etag: "63d3862d-117"
Expires: Sun, 29 Jan 2023 08:11:57 GMT
Last-Modified: Fri, 27 Jan 2023 08:07:09 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:05 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 45995b6cc86c357513a219ba523475e2
f0b77af95885eb8b19201d8f772a7e067c6ee717
6828bf1773bdf9b26c958083ecc97c667abd47229cfcb46c157a64bb270599c7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 289
Cache-Control: max-age=87352
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:06 GMT
Etag: "63d3862d-117"
Expires: Sun, 29 Jan 2023 08:11:58 GMT
Last-Modified: Fri, 27 Jan 2023 08:07:09 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js
104.17.24.14200 OK 1.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js
IP 104.17.24.14:0
Hash 25262966b8186937356da73b4437077e
119334d19971c98dbb41ed0a074df6f9ee76414c
550053ac2111a284edfc27b8c6ed672dea9d9ae72e389e555620e1ab53e3fd78
GET /ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 1675
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04020-18dd"
last-modified: Mon, 04 May 2020 16:17:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 13529105
expires: Thu, 18 Jan 2024 07:56:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QoXIQVM%2Buptz75qnidlz6FOgW0%2BheA5C3oIwIbdiRB%2FQUGbSCMDXhBbQzY1ZyGLs1Q4BiMB7j%2FM53odh621XByhM%2BOlFvIzQFKKG3am%2Frq7LRSc1L3FmaBUqUUf0uwdh96lO1c1A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79082b6b3acfb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css
104.17.24.14200 OK 256 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css
IP 104.17.24.14:0
Hash 098110bd3ec60e725e6ac659dec292f3
2079d41c25bec276e4dcd4dcbc3c2cdd5c8cad25
13a4726b6560cb70580a6535e9b165bf3c0a447ea054c844043668d1e2ef5e6e
GET /ajax/libs/videojs-thumbnails/0.1.1/videojs.thumbnails.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: text/css; charset=utf-8
content-length: 256
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04020-36a"
last-modified: Mon, 04 May 2020 16:17:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 118817
expires: Thu, 18 Jan 2024 07:56:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SKXDIZBLGL3YSlfstQRq7LtCppD4ckpF5JpZb6HzGsLTdrryGBklcsSB1Y40L90oKavHLbA%2BBvUHg9NVB1cFT54ff82Hcs8U9KgKYWv%2BHBimKQgbBVbfT8saxmskDo0HQpfu5zPJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79082b6b8b25b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
151.101.193.229200 OK 1.1 kB URL HTTP/2 cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
IP 151.101.193.229:0
File type ASCII text, with very long lines (1619)
Hash 0216b1edd2fa7ad9cfa258108fd95af4
39c12f744959428d391ab0593dcc69295e63fd18
ae34cfdf4075a9766062b578ca857f1b10e53ea9979d87769b37bc388daf1138
GET /npm/js-cookie@2/src/js.cookie.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.2.1
x-jsd-version-type: version
etag: W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 28 Jan 2023 07:56:06 GMT
age: 5520
x-served-by: cache-fra-eddf8230059-FRA, cache-bma1654-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1062
X-Firefox-Spdy: h2
vjs.zencdn.net/7.5.5/video-js.css
151.101.66.217200 OK 10 kB URL HTTP/2 vjs.zencdn.net/7.5.5/video-js.css
IP 151.101.66.217:0
File type ASCII text, with very long lines (5636)
Hash 63ef1aa5ef8f1bb4fcb8019a9ad157cd
9cbb2b320cce447d40e3af5118042587263158d5
d5b5c765198056aece9fbee1b43a9873a8a6e0fe6a954f48d001bc030e106146
GET /7.5.5/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 13 Jun 2019 18:18:21 GMT
etag: "29daa9b197765c0111b16939ce1264a9"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Sat, 28 Jan 2023 07:56:06 GMT
x-served-by: cache-bma1634-BMA
x-cache: HIT
x-cache-hits: 1381
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10533
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash b9826d8457ef4d9cceafbab24d1c2a8b
2c03a2361f7958a515b48aa641ac292cd2936dd8
a5f7e080f78242037ed9d51f416b3cfb14904988ac191060128e5e5189d3cb7a
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 07:56:06 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "6DEA52A483C88A3E599D3DC97D1742BD21B7F3A5"
Expires: Sat, 28 Jan 2023 19:00:00 GMT
Last-Modified: Sat, 28 Jan 2023 07:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 777
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79082b6cbe611c02-OSL
vjs.zencdn.net/7.5.5/video.js
151.101.66.217200 OK 425 kB URL HTTP/2 vjs.zencdn.net/7.5.5/video.js
IP 151.101.66.217:0
File type ASCII text, with very long lines (320)
Size 425 kB (425400 bytes)
Hash 27d95d95415e0e0c9998b88556837a98
be3f6b4f9eabec23d020293080c0398ddeb1b282
acebe3bf6d9fea91719845f6e0ab65ca822188593d68c478276df7d18390498a
GET /7.5.5/video.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 13 Jun 2019 18:18:22 GMT
etag: "865887bf5b49dc505cb0268884734c12"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Sat, 28 Jan 2023 07:56:06 GMT
x-served-by: cache-bma1634-BMA
x-cache: HIT
x-cache-hits: 3
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 425400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d1nubxdgom3wqt.cloudfront.net/?xbund=831295
54.230.245.216200 OK 329 B URL HTTP/2 d1nubxdgom3wqt.cloudfront.net/?xbund=831295
IP 54.230.245.216:0
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /?xbund=831295 HTTP/1.1
Host: d1nubxdgom3wqt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 98946
date: Sat, 28 Jan 2023 07:56:06 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Fz4LQ4IhH-dH7vPkS0jhUMmAHL6J-0yXn3fbWH5Mpr-7HMk-grP2gw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7ee2e0bb71098212aa487fb81d981faa
70f444e00b72902570d0468a2b152b000f9ac074
d3b6218bba470a19a4a2b9281a6f12d4d2d46baad85dbb36af981df322d4a351
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3B6218BBA470A19A4A2B9281A6F12D4D2D46BAAD85DBB36AF981DF322D4A351"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1637
Expires: Sat, 28 Jan 2023 08:23:23 GMT
Date: Sat, 28 Jan 2023 07:56:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13600
Expires: Sat, 28 Jan 2023 11:42:46 GMT
Date: Sat, 28 Jan 2023 07:56:06 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43a42dffd26cd02d992e866e14d8d857
4c5d34b358edebcc30a1157117496a56e9a7b620
2d68e9fb9547820c5a9d9338d3b4f9cb7ef1f29241c9ba7fd616034f6659efc8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2D68E9FB9547820C5A9D9338D3B4F9CB7EF1F29241C9BA7FD616034F6659EFC8"
Last-Modified: Thu, 26 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8496
Expires: Sat, 28 Jan 2023 10:17:43 GMT
Date: Sat, 28 Jan 2023 07:56:07 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 13:09:06 GMT
expires: Wed, 24 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 326821
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hegdcrxavrtk.cdnvideo3.com/api/spots/377391?v2=1&fill=0&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&s2=%25subid2%25
135.181.208.216200 OK 16 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/377391?v2=1&fill=0&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&s2=%25subid2%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash e2f7c12b7104a3246493b8065f7321f3
ef7948786d40d0b5d54a7909e7efec598781f32c
7f6a7bf1858d083b9ed860a2a5312182143f04856c317ce53f00319084b04b94
GET /api/spots/377391?v2=1&fill=0&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&s2=%25subid2%25 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
access-control-expose-headers: X-Asg-Config, X-t
x-t: 0
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 10:26:49 GMT
expires: Sun, 21 Jan 2024 10:26:49 GMT
cache-control: public, max-age=31536000
age: 595758
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.209.122.114101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.209.122.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZGdEgaTAg1FElFNDSYY2+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OEfi19fsKp/GbZDbMQKukEnLWWk=
hegdcrxavrtk.cdnvideo3.com/api/spots/329585?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 5.0 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329585?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 9b4f777f349734fc576ccc0259e1f844
d38b4f3bcf24ac41088db12b201ab70054f955be
3f959e6e653935f4b5dd9863d969d8f1574df0b84e4203e4dd6691231c574b2b
GET /api/spots/329585?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=7L5mIom56rEFN5rNHwyf; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
dhthrewdownth.xyz/UmM1REt9XFY3dgY2ex0ZYTUQdg0xDkV2HxoLTSUTACBTHAU6BwV0bSYKUXlyZ1sAdH10E1wgdmFREzc/MxdAN3ZgUwVzbTsNUyt2YEVDeXt8Wht1ZWJFQHl6dBdFJSxvUhM0PyYPCHV9ZVcNfXlnVQ18fmo
188.114.97.1204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/UmM1REt9XFY3dgY2ex0ZYTUQdg0xDkV2HxoLTSUTACBTHAU6BwV0bSYKUXlyZ1sAdH10E1wgdmFREzc/MxdAN3ZgUwVzbTsNUyt2YEVDeXt8Wht1ZWJFQHl6dBdFJSxvUhM0PyYPCHV9ZVcNfXlnVQ18fmo
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /UmM1REt9XFY3dgY2ex0ZYTUQdg0xDkV2HxoLTSUTACBTHAU6BwV0bSYKUXlyZ1sAdH10E1wgdmFREzc/MxdAN3ZgUwVzbTsNUyt2YEVDeXt8Wht1ZWJFQHl6dBdFJSxvUhM0PyYPCHV9ZVcNfXlnVQ18fmo HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 07:56:07 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lzxbghsxqW01O7lxjJ9%2FCL8HpLxeFK%2F%2BJXk5X%2FEGIyhqAaGiMw8DHd8PrrmoKnMu2t5JFX46yziGFxPcr0szJatwnn6IVEUddHDdb5VQNdvBIxokgNI1ma7b4d0shtrUYIeXTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b70fd08b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dhthrewdownth.xyz/S2JQYUxkXTMScRlTGhMuJlsnO30zNQg5eSw3YTsUKDU0ABQdEXYVJS9faFJ9eVtlRzwiBm1QajgWMRU5OF9hRyUlBD9caj1fYU9/f0xjUGJ5RCVcfW0WIAArdlN2ETg/Dm1QenxWaFh+flRoVnpz
188.114.97.1204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/S2JQYUxkXTMScRlTGhMuJlsnO30zNQg5eSw3YTsUKDU0ABQdEXYVJS9faFJ9eVtlRzwiBm1QajgWMRU5OF9hRyUlBD9caj1fYU9/f0xjUGJ5RCVcfW0WIAArdlN2ETg/Dm1QenxWaFh+flRoVnpz
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S2JQYUxkXTMScRlTGhMuJlsnO30zNQg5eSw3YTsUKDU0ABQdEXYVJS9faFJ9eVtlRzwiBm1QajgWMRU5OF9hRyUlBD9caj1fYU9/f0xjUGJ5RCVcfW0WIAArdlN2ETg/Dm1QenxWaFh+flRoVnpz HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 07:56:07 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=goYH7xfQjBDG300mTmAAHK1F6%2Ft%2FA0KLcF8cTsu7YnbGzHSsFGdUTWO4ok5GlTskO7pnfjJCpB%2FX%2By2W0dgtgbHIme13OrMikPyCavbOkjbVvwG4eGPrQzERGxMzHkeJE0RyQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b70ed03b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dhthrewdownth.xyz/MmJvT2sdXQw8Vn8nKRgIZCcsLCxgIw4OPUg4XwUGcyopOTplCUk7AlZfVnpTB1JZaRtbBlJ8WRQRGy4fRxFSfk1bDAkgVhQUUn9FC0xeYVsUF1J+TUYSDihWA0QfOx9eX155XAZaVn1eBFpXel4
188.114.97.1204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/MmJvT2sdXQw8Vn8nKRgIZCcsLCxgIw4OPUg4XwUGcyopOTplCUk7AlZfVnpTB1JZaRtbBlJ8WRQRGy4fRxFSfk1bDAkgVhQUUn9FC0xeYVsUF1J+TUYSDihWA0QfOx9eX155XAZaVn1eBFpXel4
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MmJvT2sdXQw8Vn8nKRgIZCcsLCxgIw4OPUg4XwUGcyopOTplCUk7AlZfVnpTB1JZaRtbBlJ8WRQRGy4fRxFSfk1bDAkgVhQUUn9FC0xeYVsUF1J+TUYSDihWA0QfOx9eX155XAZaVn1eBFpXel4 HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 07:56:07 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FD9XRLzQNssbaZ0njTa4oko4Tk8clIB2eznK2TPPnIwlBEJL7x859NCfDe%2BxoECoIUcl%2B1G0yctpUw0ItP8Dqs2fzy6hWlVBuXjF3ciWEw9WrwV1J5EnPq94ASEchFZ6MNMlXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b70fd07b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/click/564968611006603095?c=90
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/click/564968611006603095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/564968611006603095?c=90 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:07 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/click/5813438977954352095?c=90
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/click/5813438977954352095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/5813438977954352095?c=90 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/api/spots/329586?p=1&s1=%subid1%&kw=
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:07 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/click/8176987676496379095?c=90
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/click/8176987676496379095?c=90
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/click/8176987676496379095?c=90 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/api/spots/329585?p=1&s1=%subid1%&kw=
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:07 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43a42dffd26cd02d992e866e14d8d857
4c5d34b358edebcc30a1157117496a56e9a7b620
2d68e9fb9547820c5a9d9338d3b4f9cb7ef1f29241c9ba7fd616034f6659efc8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2D68E9FB9547820C5A9D9338D3B4F9CB7EF1F29241C9BA7FD616034F6659EFC8"
Last-Modified: Thu, 26 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8496
Expires: Sat, 28 Jan 2023 10:17:43 GMT
Date: Sat, 28 Jan 2023 07:56:07 GMT
Connection: keep-alive
hethisisath.xyz/WWVwbFc4BxMBaDhYEkoiKwlNSWUfQEIqM2gLBQ4vPQIfAWQuFARCNDUKBQgxKwoeGHk3AARJZR8hIjQzFDI1DzoeJjlJZRsANCkyEiImSWUbBjVVYjgtNgYfDV1DJwMPLjI9MDUBMgtvFSZAFhEzXQolDxwjNiRjIzUIIi84IjUcETAsVV4RPAg9Px4zEUYIERwRIC8BbTRCAyQXHB8PNApVACUFEBQ9Pzw+IEIDIxMLFw0eICwFJwUqERY0Ah00HSY4AAsUJA0aXQUnLxQPPBYFPjcoG2UUVzIqMR4JQw1nPRURGwE+NygbIRUMBC4yEVRALmYTQEIuNh1cCj1ldAkCLgAbIxYvOCE8NT0ZOD0UGwABHQg1OT0tOxZnMikYBCc4AjZfBWpUHwhkCy0WNGZoASIpOxIMOQYQHTdJCAYXIhYrZikBJiliAz0pSj0qCh4cahA1El04KREaGjYqDhZYJQE
65.9.44.105200 OK 1.2 kB URL HTTP/2 hethisisath.xyz/WWVwbFc4BxMBaDhYEkoiKwlNSWUfQEIqM2gLBQ4vPQIfAWQuFARCNDUKBQgxKwoeGHk3AARJZR8hIjQzFDI1DzoeJjlJZRsANCkyEiImSWUbBjVVYjgtNgYfDV1DJwMPLjI9MDUBMgtvFSZAFhEzXQolDxwjNiRjIzUIIi84IjUcETAsVV4RPAg9Px4zEUYIERwRIC8BbTRCAyQXHB8PNApVACUFEBQ9Pzw+IEIDIxMLFw0eICwFJwUqERY0Ah00HSY4AAsUJA0aXQUnLxQPPBYFPjcoG2UUVzIqMR4JQw1nPRURGwE+NygbIRUMBC4yEVRALmYTQEIuNh1cCj1ldAkCLgAbIxYvOCE8NT0ZOD0UGwABHQg1OT0tOxZnMikYBCc4AjZfBWpUHwhkCy0WNGZoASIpOxIMOQYQHTdJCAYXIhYrZikBJiliAz0pSj0qCh4cahA1El04KREaGjYqDhZYJQE
IP 65.9.44.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3050), with no line terminators
Hash 012858c294ca4e3f7591bc91fef1c712
58d1eba8b4ee5af1d8161fe41890d3888beedb5c
3ca8ef20b0c9eb309417409200db671c08fae4f8eea60e8ad740b9d54bd3463d
GET /WWVwbFc4BxMBaDhYEkoiKwlNSWUfQEIqM2gLBQ4vPQIfAWQuFARCNDUKBQgxKwoeGHk3AARJZR8hIjQzFDI1DzoeJjlJZRsANCkyEiImSWUbBjVVYjgtNgYfDV1DJwMPLjI9MDUBMgtvFSZAFhEzXQolDxwjNiRjIzUIIi84IjUcETAsVV4RPAg9Px4zEUYIERwRIC8BbTRCAyQXHB8PNApVACUFEBQ9Pzw+IEIDIxMLFw0eICwFJwUqERY0Ah00HSY4AAsUJA0aXQUnLxQPPBYFPjcoG2UUVzIqMR4JQw1nPRURGwE+NygbIRUMBC4yEVRALmYTQEIuNh1cCj1ldAkCLgAbIxYvOCE8NT0ZOD0UGwABHQg1OT0tOxZnMikYBCc4AjZfBWpUHwhkCy0WNGZoASIpOxIMOQYQHTdJCAYXIhYrZikBJiliAz0pSj0qCh4cahA1El04KREaGjYqDhZYJQE HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1199
date: Sat, 28 Jan 2023 07:56:07 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5f5aa47bb337704a0ad6f14b5e9a076a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: KObfnPDqE7_fCe0d-qpwwz2FJYB39_YQpaaQEXhZaBwLOw0IOeGx3Q==
X-Firefox-Spdy: h2
hethisisath.xyz/NTczOFBUVVBVb1QKUR4lR1sOHWJzEgF+NARZRlooUVBcVWNCRkcWM1lYRlw2R1hdTH5bUkcdYnMGUHAVBWNYSwR9W1xXNHRmam0Ye01iCBFyUwANB3IHUFAaZHV+aSdCQXpqI3BncGE3ZUBmXRN0fmR9OlpPdX0ncFZwWwJ9Bn1CMmdiVW5jewFlUBJke3tiFWMHch1id31xTB1tXmoAEXdbaWgUeHZ7UBkCfFgIM2JNYlEYdwZlWWNeBWF6IBAFcVo7f3V7fDtcf1tuMnpjW24BQmZUaGFjc3FwaQJvWH0CU2ZfbgFCZgZxOAB/cn8kAXpfaRdTXX1/AmcadQETY2F3ehRCDmVtGgRRAEwWbUBhVjJefXFtKUZYdEBkZ1FyCRNkZmUdYndSA34Sd2BHDQF3U1doEwFge1MoR1JnYhF3f0dUAXNTcVtjWhFZSz9bRw5PElFmWQgiWGd9CQB2RVQ
65.9.44.105200 OK 1.2 kB URL HTTP/2 hethisisath.xyz/NTczOFBUVVBVb1QKUR4lR1sOHWJzEgF+NARZRlooUVBcVWNCRkcWM1lYRlw2R1hdTH5bUkcdYnMGUHAVBWNYSwR9W1xXNHRmam0Ye01iCBFyUwANB3IHUFAaZHV+aSdCQXpqI3BncGE3ZUBmXRN0fmR9OlpPdX0ncFZwWwJ9Bn1CMmdiVW5jewFlUBJke3tiFWMHch1id31xTB1tXmoAEXdbaWgUeHZ7UBkCfFgIM2JNYlEYdwZlWWNeBWF6IBAFcVo7f3V7fDtcf1tuMnpjW24BQmZUaGFjc3FwaQJvWH0CU2ZfbgFCZgZxOAB/cn8kAXpfaRdTXX1/AmcadQETY2F3ehRCDmVtGgRRAEwWbUBhVjJefXFtKUZYdEBkZ1FyCRNkZmUdYndSA34Sd2BHDQF3U1doEwFge1MoR1JnYhF3f0dUAXNTcVtjWhFZSz9bRw5PElFmWQgiWGd9CQB2RVQ
IP 65.9.44.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash b510501d7326918042353324de5dbc8d
2d10cecb92e5316492407d183023684fe7a4410d
3bcacff7842c9af882bd4607830084e816f3c3be3a49e1fd6595ca41c2b38a92
GET /NTczOFBUVVBVb1QKUR4lR1sOHWJzEgF+NARZRlooUVBcVWNCRkcWM1lYRlw2R1hdTH5bUkcdYnMGUHAVBWNYSwR9W1xXNHRmam0Ye01iCBFyUwANB3IHUFAaZHV+aSdCQXpqI3BncGE3ZUBmXRN0fmR9OlpPdX0ncFZwWwJ9Bn1CMmdiVW5jewFlUBJke3tiFWMHch1id31xTB1tXmoAEXdbaWgUeHZ7UBkCfFgIM2JNYlEYdwZlWWNeBWF6IBAFcVo7f3V7fDtcf1tuMnpjW24BQmZUaGFjc3FwaQJvWH0CU2ZfbgFCZgZxOAB/cn8kAXpfaRdTXX1/AmcadQETY2F3ehRCDmVtGgRRAEwWbUBhVjJefXFtKUZYdEBkZ1FyCRNkZmUdYndSA34Sd2BHDQF3U1doEwFge1MoR1JnYhF3f0dUAXNTcVtjWhFZSz9bRw5PElFmWQgiWGd9CQB2RVQ HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1196
date: Sat, 28 Jan 2023 07:56:07 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5f5aa47bb337704a0ad6f14b5e9a076a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: WUUaX8q7Z6TSD9PQ7d3mCVhgelaUkhY0ue9lcupJbQU0T-g1-ynGhw==
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
142.250.74.170200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32086)
Hash 430e927c980ad4079de727fa59dd93f2
891aaada9a55a91292999f6d50fd300439905982
e8728df8617340bd8c10bc8d27d3a725a48871a269c850e8598689938ec6e2ed
GET /ajax/libs/jquery/1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 18:53:23 GMT
expires: Sun, 21 Jan 2024 18:53:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 565364
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a.realsrv.com/ad-provider.js
185.76.9.24200 OK 24 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (52068)
Hash 2238a1effd5e3579724063ac37d4a6a0
0f7828de6ccc9b16d793a11d7863ae01d9901cce
05bae3c18d619a78fe40a4b55ae1ae8288a2285504dcbea3d6615c10b33e2c8a
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: application/javascript
etag: W/"c86623937323852b5fe82a29fcb"
expires: Tue, 24 Jan 2023 13:18:38 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1674901211
server: CDN77-Turbo
x-77-nzt: AblMCRR0/OP/bAgAAA
x-77-nzt-ray: af585630311a33c517d5d463dbf53617
x-cache: HIT
x-age: 2156
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
badgegirdle.com/63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js
192.243.59.12200 OK 21 kB URL HTTP/1.1 badgegirdle.com/63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (60165), with no line terminators
Hash 47d17194937d07f1cdfd522e0bfcefd4
985c059ca79aaade67554b39d341c98c9c7defdb
3947d04771656f5a75ab7bbe6c5b5643e03b0fc55eb21d3f7cea5be9ee1201c3
Analyzer Verdict Alert quad9 Sinkholed
GET /63/d4/5b/63d45b685911cef3b8cc3d1d1550bf85.js HTTP/1.1
Host: badgegirdle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 28 Jan 2023 07:56:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff0ae063f8674146acfc098c57913dd7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
d1nubxdgom3wqt.cloudfront.net/1cHE0TksTHloodAQYUHNzQ0AGd35WG0chJQBMQwwvIRsEPCYgPwUeCAIWEjoxFEwEaCcRH1NzbRUfV3N6VhBQLHZEV0A+JBtMXiY8ABlZPDMAHhI7Kk0cWzQiHB1Va3k2RBp+bkJBHDkiHhVbOThVQwQgP1VDBH97XkERfQlVQwQ5Ih5HAGt4MlQGfjNGRR-F9CVVDBDw9VUJ1f3tFXwRnbkJBUysoGx4RfA1CQQV+e0FBBWt5QBddPC4WHkxreTZABHtlQFdBc3o
54.230.245.216200 OK 468 B URL HTTP/2 d1nubxdgom3wqt.cloudfront.net/1cHE0TksTHloodAQYUHNzQ0AGd35WG0chJQBMQwwvIRsEPCYgPwUeCAIWEjoxFEwEaCcRH1NzbRUfV3N6VhBQLHZEV0A+JBtMXiY8ABlZPDMAHhI7Kk0cWzQiHB1Va3k2RBp+bkJBHDkiHhVbOThVQwQgP1VDBH97XkERfQlVQwQ5Ih5HAGt4MlQGfjNGRR-F9CVVDBDw9VUJ1f3tFXwRnbkJBUysoGx4RfA1CQQV+e0FBBWt5QBddPC4WHkxreTZABHtlQFdBc3o
IP 54.230.245.216:0
File type ASCII text, with very long lines (659), with no line terminators
Hash 4e58a4654c0534f7fc9659fdca254147
27fb9a1b9bd164d52a69c2c7a345a02f1f81c488
55b921160b7ee196d5a9a4afe46ca5c129650ddc22e9c7b78341f74817c2bd4f
GET /1cHE0TksTHloodAQYUHNzQ0AGd35WG0chJQBMQwwvIRsEPCYgPwUeCAIWEjoxFEwEaCcRH1NzbRUfV3N6VhBQLHZEV0A+JBtMXiY8ABlZPDMAHhI7Kk0cWzQiHB1Va3k2RBp+bkJBHDkiHhVbOThVQwQgP1VDBH97XkERfQlVQwQ5Ih5HAGt4MlQGfjNGRR-F9CVVDBDw9VUJ1f3tFXwRnbkJBUysoGx4RfA1CQQV+e0FBBWt5QBddPC4WHkxreTZABHtlQFdBc3o HTTP/1.1
Host: d1nubxdgom3wqt.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hethisisath.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 468
date: Sat, 28 Jan 2023 07:56:07 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: eaLdVGSOinthwUOIBydRtv2rSBIkWxy8c8JE_EEid1lFBzpV35LA1w==
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.245200 OK 1.2 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1671), with no line terminators
Hash 2e5cf5943b5ab30d7a94cf6a57411043
cb7c90149d4b6fa8243d7af865eb1cb3d1eb9439
d47df5e13771f57af7caaaf8db3faa3043f3d7b577fad80bb649ecbed4bb7ce4
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 07:56:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d4d517884303.130777593563253966%22%3B%7D; expires=Mon, 27-Jan-2025 07:56:07 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/v1/api.php
95.211.229.245200 OK 2.9 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6323), with no line terminators
Hash bf88cdff42fa0e8418a49016a669d6d9
b5dd154443c2dcb000b41f1e5c60630f26b92f33
26b7923bfa178110ac8bfa01a4bf0c444044dbd68821fcb26eeb3c875dad5017
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 335
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 07:56:07 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d4d51788cd33.511362194248859901%22%3B%7D; expires=Mon, 27-Jan-2025 07:56:07 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8fc52c9a9baff7fa942523e6d1aa1867
0d533a2f9bc7fc41d15d2b0bbdcdc7d99ee96e66
784ff03f83b31a749592f684a6180ea94af535057e58c4916eb6c550fef8a186
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "784FF03F83B31A749592F684A6180EA94AF535057E58C4916EB6C550FEF8A186"
Last-Modified: Sat, 28 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2629
Expires: Sat, 28 Jan 2023 08:39:56 GMT
Date: Sat, 28 Jan 2023 07:56:07 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 0349e6d78e3182b23c8a0b92b3b0a8b3
0fc1da04b464f7b1e7ff4f56b3ee95d72417f1d1
79840bcd7e18738f712f7d87bbbfdb05269e357d388523676ce4333cc8a2f2d4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 28 Jan 2023 07:56:07 GMT
Last-Modified: Sat, 28 Jan 2023 06:24:57 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LzmYCU2X4QD1bYtMdrwa_yfvgAd2QohsFpUNcqThyjwUqKDHDCqDzQ==
Age: 5470
simplewebanalysis.com/stats
3.120.47.42200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash ed3e351d5c47f59bb080c92accf8ddff
23e44502a223b170c7bc8f479e3f846be47e781e
e78dae4296a7b8cddd67d5fc35965d10c6cb791bcc0982dceaabbdfa9551f416
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
set-cookie: uid_id2=f1dc827a-c588-43bd-9829-7b72decbc6f9:1:1; expires=Tue, 25 Jan 2033 07:56:07 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
tragicbeyond.com/pixel/purst?dl=0&th=0&sc=0&rs=2083&rd=2083&fd=1549&bv=22.10.v.9&tmpl=70
173.233.137.52200 OK 0 B URL HTTP/1.1 tragicbeyond.com/pixel/purst?dl=0&th=0&sc=0&rs=2083&rd=2083&fd=1549&bv=22.10.v.9&tmpl=70
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2083&rd=2083&fd=1549&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: tragicbeyond.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 07:56:08 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tragicbeyond.com/cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js
173.233.137.52200 OK 13 kB URL HTTP/1.1 tragicbeyond.com/cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js
IP 173.233.137.52:0
File type ASCII text, with very long lines (37119), with no line terminators
Hash 337a2e4f37d21c6e1433ece2649749a4
3ffa2c3014535b3bd041aa7884dfbcdf3a50909d
cd0a963b995523b97a67d122b25bbac8a8e6840763873a5240a4450660bf2238
Analyzer Verdict Alert quad9 Sinkholed
GET /cc/48/f4/cc48f4cc72bd1ab0cd76dca8048a896c.js HTTP/1.1
Host: tragicbeyond.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 07:56:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a50577ebf68f55facca00d3c135db331
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
twinrdsrv.com/banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41938&cid=b9c&rand=12502&ver=async&time=0&referrerurl=https%3A%2F%2Fwww.xxxfiles.com%2F&abr=false&curl=https%3A%2F%2Fwww.xxxfiles.com%2F
172.66.43.59200 OK 1.6 kB URL HTTP/2 twinrdsrv.com/banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41938&cid=b9c&rand=12502&ver=async&time=0&referrerurl=https%3A%2F%2Fwww.xxxfiles.com%2F&abr=false&curl=https%3A%2F%2Fwww.xxxfiles.com%2F
IP 172.66.43.59:0
Hash b48b3f7a3396c6167fd4ab49be1495a0
e1c920ffbe14a79d5c284fe3e4d95dcf956ea058
1f73bdc527d55b8307614cf1104edd6c31fa3d0752cd4ad9a65a5fa0d12892e2
GET /banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41938&cid=b9c&rand=12502&ver=async&time=0&referrerurl=https%3A%2F%2Fwww.xxxfiles.com%2F&abr=false&curl=https%3A%2F%2Fwww.xxxfiles.com%2F HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=5acd15cb-0b7e-4330-9e15-99984b36ccd5; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure
ISSH=68EB5C; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 28-Jan-2023 11:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2F0bIghZ2row59TLIWzY0DboNkBO3G64tNrNI1taMWVG0pDfVle5OW1x8rTMJIw%2F7Zkz7fV%2BJBgfmqp0uq%2B9gRn0z0CPwf8yQL0jlJd1sbFIACcdgvZY9Vznc5IraxE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b731a28fac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/320559?v2=1&fill=0&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&s2=%25subid2%25
135.181.208.216200 OK 1.1 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/320559?v2=1&fill=0&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&s2=%25subid2%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 6529fffb9ea9d197f9ab3c1f6c348452
84600fad6474ef8745938d84cda6a0a4844d583c
624afe341a364e103c1857fbb95ba892c32179b0c416d0867503526b4846fb41
GET /api/spots/320559?v2=1&fill=0&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&s2=%25subid2%25 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
access-control-expose-headers: X-Asg-Config, X-t
x-t: 0
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9529cb693cf315558319c1184da0abfe
4a487d37fbe9a6dfa0c4f37762092a2eaf009de8
f8553cb6a69d53d3317428d7e79e2670d235ac15444b297a95a3a46057f2363d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F8553CB6A69D53D3317428D7E79E2670D235AC15444B297A95A3A46057F2363D"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11602
Expires: Sat, 28 Jan 2023 11:09:30 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 4f1d3c41e0e0e1a4e19b8a0be6e537bc
b6571a925845473968831ad564fd4178ca1e0a5c
ccb9c52216421aed018f0f1f66952565fc01924764c8fa3b4e59bab0aa0b4558
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4020
Cache-Control: max-age=120588
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Etag: "63d3f970-117"
Expires: Sun, 29 Jan 2023 17:25:56 GMT
Last-Modified: Fri, 27 Jan 2023 16:18:56 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 4f1d3c41e0e0e1a4e19b8a0be6e537bc
b6571a925845473968831ad564fd4178ca1e0a5c
ccb9c52216421aed018f0f1f66952565fc01924764c8fa3b4e59bab0aa0b4558
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4020
Cache-Control: max-age=120588
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Etag: "63d3f970-117"
Expires: Sun, 29 Jan 2023 17:25:56 GMT
Last-Modified: Fri, 27 Jan 2023 16:18:56 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03201e381b6ad1cd03f4805d1512987b
4383185a3b03d13e37fb0378fc1e74edfa688b29
6287bdb027538b227d0857f8f9122946aa6f05c64b61f452a0ef192d9c6316b6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6287BDB027538B227D0857F8F9122946AA6F05C64B61F452A0EF192D9C6316B6"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5570
Expires: Sat, 28 Jan 2023 09:28:58 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=0f565955-55da-451f-88fb-5b4272200af6&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=0f565955-55da-451f-88fb-5b4272200af6&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=0f565955-55da-451f-88fb-5b4272200af6&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 07:56:08 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=37acc769fa476626fe6b90aec4a1f923bc4ff59b110ff874761e96a2a9218620&iterationId=379976&masterSmartpopId=1914&memberId=0f565955-55da-451f-88fb-5b4272200af6&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30009
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=893328.30009; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeScBLPeXxw9eeb8nYMM6v3WeZJL; SameSite=None; Secure; path=/; expires=Sun, 29-Jan-23 06:56:08 GMT; HttpOnly
server: cloudflare
cf-ray: 79082b783acdb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=80302caa-a883-4ec2-bc83-60ddc2e76528&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
104.18.59.150302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=80302caa-a883-4ec2-bc83-60ddc2e76528&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=80302caa-a883-4ec2-bc83-60ddc2e76528&sourceId=xxxfiles.com&p1=Promo_Banners_Straight_T1_Desk&p2=49657&trackOff=1 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 07:56:08 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?campaignId=ec1535c1cbaa3d0b93513d43b65aa5ca154a4f64912bc1c7443cc846eec2add4&campaignType=smartpop&creativeId=37acc769fa476626fe6b90aec4a1f923bc4ff59b110ff874761e96a2a9218620&iterationId=379976&masterSmartpopId=1914&memberId=80302caa-a883-4ec2-bc83-60ddc2e76528&p1=Promo_Banners_Straight_T1_Desk&p2=49657&quality=optimal&ruleId=17&smartpopId=1807&sourceId=xxxfiles.com&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=30009
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=893328.30009; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeRhAptQvDh5wz7mfR3Nu23twxd2; SameSite=None; Secure; path=/; expires=Sun, 29-Jan-23 06:56:08 GMT; HttpOnly
server: cloudflare
cf-ray: 79082b782ac5b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f46773c05a404d6539bada9c2c349795
149d44af1129e206ed223de9ab0b0fb612a1f959
05c46c9e0c677b44b400d2ed7568ffff8d445e6e43a5d6f6a8351bd18c5dec95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f46773c05a404d6539bada9c2c349795
149d44af1129e206ed223de9ab0b0fb612a1f959
05c46c9e0c677b44b400d2ed7568ffff8d445e6e43a5d6f6a8351bd18c5dec95
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1892
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Last-Modified: Sat, 28 Jan 2023 07:24:37 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 4f1d3c41e0e0e1a4e19b8a0be6e537bc
b6571a925845473968831ad564fd4178ca1e0a5c
ccb9c52216421aed018f0f1f66952565fc01924764c8fa3b4e59bab0aa0b4558
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4020
Cache-Control: max-age=120588
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Etag: "63d3f970-117"
Expires: Sun, 29 Jan 2023 17:25:56 GMT
Last-Modified: Fri, 27 Jan 2023 16:18:56 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 279
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6273
Expires: Sat, 28 Jan 2023 09:40:41 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 28 Jan 2023 07:46:59 GMT
expires: Sat, 28 Jan 2023 09:46:59 GMT
cache-control: public, max-age=7200
age: 549
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hethisisath.xyz/utx?cb=qtPpXjXdPvNt&top=www.xxxfiles.com&tid=831295
65.9.44.105204 No Content 0 B URL HTTP/2 hethisisath.xyz/utx?cb=qtPpXjXdPvNt&top=www.xxxfiles.com&tid=831295
IP 65.9.44.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=qtPpXjXdPvNt&top=www.xxxfiles.com&tid=831295 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 07:56:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 28 Jan 2023 07:57:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5f5aa47bb337704a0ad6f14b5e9a076a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: DQarKhhkNjeyakCpcs5GotkuE9cFRfGo0_Bk7VuJgmQH5DeNE_LO1Q==
X-Firefox-Spdy: h2
hethisisath.xyz/utx?cb=NVcnQxyZfTwJ&top=www.xxxfiles.com&tid=958506
65.9.44.105204 No Content 0 B URL HTTP/2 hethisisath.xyz/utx?cb=NVcnQxyZfTwJ&top=www.xxxfiles.com&tid=958506
IP 65.9.44.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=NVcnQxyZfTwJ&top=www.xxxfiles.com&tid=958506 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 07:56:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 28 Jan 2023 07:57:08 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5f5aa47bb337704a0ad6f14b5e9a076a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: CPqnBYScregIzulJ8iXp-ULDBBA7fX7099USN-QAMD0TCwzWBViI5g==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 390 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash 18d55b2e0f70309c2b601e434242aa25
edeb0962c83b584e078912a4f933eb2bebef49a7
fc28d81e30a09f90531bcbf6daa2fbd1b607e51a2c02426ad3609e95da7bcb7d
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 07:56:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S168245378%3A1674892568492908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcevMw5u0wIl1YFk7SfKXZ6jMP78310pekF-CGi8XpYuP1lhHlLk1yamhC1vK4uZ5kmfYO74A
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Im7lYPXdYt0z7DfkNQFNsA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 390
server: GSE
set-cookie: __Host-GAPS=1:HcxKWvVuDTAsk-cXaRSjpHy9qK8wXg:B3k8ZeNYdQhk5FpS;Path=/;Expires=Mon, 27-Jan-2025 07:56:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9529cb693cf315558319c1184da0abfe
4a487d37fbe9a6dfa0c4f37762092a2eaf009de8
f8553cb6a69d53d3317428d7e79e2670d235ac15444b297a95a3a46057f2363d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "F8553CB6A69D53D3317428D7E79E2670D235AC15444B297A95A3A46057F2363D"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11602
Expires: Sat, 28 Jan 2023 11:09:30 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 396 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (383)
Hash b188d026d0db960482e3ad2fd1e8c846
14dbbc8cf83146a3f97a25100e986ce7a96c6802
61aaf1939c728432d63f08394cd31b7b8d1aeb74b6ab8439d5f87509a8d342fb
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 07:56:08 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S503720791%3A1674892568539449&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcZQtJBZq7dGeghcaqJvyCIqlBXDtSjcORXQJzpTODYggCxuNhBD0Czy63WsBTuqN5Wg2e8ug
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-Bc_5Gjv7RbfxyOsjCvmsTA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
set-cookie: __Host-GAPS=1:mo8mhXgauVsZLXalnlAjYHYFajlKvw:8HGX8NkEDxK6ERqZ;Path=/;Expires=Mon, 27-Jan-2025 07:56:08 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
173.233.137.36200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 07:56:08 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 18cf08113ae816796de5dafe0c43f0c9
Strict-Transport-Security: max-age=0; includeSubdomains
www.google-analytics.com/collect?v=1&_v=j99&a=148551660&t=event&_s=2&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Date%20Night%20Nerves%20%2F%20Nuru%20Massage%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=12320&ea=pageview&el=xxxfiles&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=418077101.1674892570&tid=UA-154720556-1&_gid=1593713769.1674892570&z=1170289680
142.250.74.110200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j99&a=148551660&t=event&_s=2&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Date%20Night%20Nerves%20%2F%20Nuru%20Massage%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=12320&ea=pageview&el=xxxfiles&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=418077101.1674892570&tid=UA-154720556-1&_gid=1593713769.1674892570&z=1170289680
IP 142.250.74.110:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j99&a=148551660&t=event&_s=2&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Date%20Night%20Nerves%20%2F%20Nuru%20Massage%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&ec=12320&ea=pageview&el=xxxfiles&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=418077101.1674892570&tid=UA-154720556-1&_gid=1593713769.1674892570&z=1170289680 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Fri, 27 Jan 2023 19:11:05 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 45903
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=148551660&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Date%20Night%20Nerves%20%2F%20Nuru%20Massage%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=235206168&gjid=1931408134&cid=418077101.1674892570&tid=UA-154720556-1&_gid=1593713769.1674892570&_r=1&_slc=1&z=1397566561
142.250.74.110200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=148551660&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Date%20Night%20Nerves%20%2F%20Nuru%20Massage%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=235206168&gjid=1931408134&cid=418077101.1674892570&tid=UA-154720556-1&_gid=1593713769.1674892570&_r=1&_slc=1&z=1397566561
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j99&a=148551660&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&ul=en-us&de=UTF-8&dt=Date%20Night%20Nerves%20%2F%20Nuru%20Massage%20-%20VeryFreePorn.com&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=235206168&gjid=1931408134&cid=418077101.1674892570&tid=UA-154720556-1&_gid=1593713769.1674892570&_r=1&_slc=1&z=1397566561 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.xxxfiles.com
date: Sat, 28 Jan 2023 07:56:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9324
Expires: Sat, 28 Jan 2023 10:31:32 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 4.7 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35d1fb8bc21d48ba125b807d13a7e6bf
d4f368ea6e45aac0d2911de7aeb422cf0e408702
40bda93a2d46b26af4f80b57a0a5c1746ade483bbe91891f8a39c0d1a8018927
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9324
Expires: Sat, 28 Jan 2023 10:31:32 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1WE1zQwrCGVy8HLT9_BFkAr6rQE_ROyttMOByR32KeT0w2Hd_ylvYQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:00 GMT
age: 34808
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9324
Expires: Sat, 28 Jan 2023 10:31:32 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6273
Expires: Sat, 28 Jan 2023 09:40:41 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1892
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:56:08 GMT
Last-Modified: Sat, 28 Jan 2023 07:24:37 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 35962
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6878014601ad05cf5ba82086edea092e
040e4bd02522ffeca84484244919b0342ad9db7b
d003f490cbe5831be25ede46400a170009f1cb802041e00c839afff01eefe79d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 18:36:01 GMT
age: 48007
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329591?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 18 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329591?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash ca59b684941583aac38b2d5be6d99382
cbfb0b593c364b19bdc70a7dff5ab17ad790934d
46e337e20741c0d335a58229cc33fe22d547ab58227406d92e21c4ce3916b967
GET /api/spots/329591?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.167.29200 OK 32 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.167.29:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 3f9150dfcdc19e6e045531c98ab6be0b
e7288e0f5be96341cbacd30408bc86d5c52cb7c1
def220bc9fb29c18d50bac0e2a203c0b97f8fa4911ff499072c2f878bf02ccd0
Analyzer Verdict Alert fortinet Malware
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:08 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c416a65dd647e7e88437e091fb147b10
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 28 Jan 2023 07:56:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yRPRTEnm3zvWvCBogOzfJd4CiEyrUBksLosfWiCkem6%2FSvpm9bJowiFvjLWhgHJayZGuVmxq%2FSjS5svi9KXD2N3OaETQBfPNgUp8wZJYiOvvLDtzOXQzzBa%2Fh4sZJUtZIT1ILQ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b77cb307792-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.48.21200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:08 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 5999
expires: Sat, 28 Jan 2023 11:56:08 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b7b8ac01c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash acad64394e2cbaa5ffcc4be1a6e331c6
0aabce63699cd5454283bbdad108b6cbbe681fbb
c69a7463c054752c9036e5646f167ff689adcb605e3c063f4440749b71faa236
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C69A7463C054752C9036E5646F167FF689ADCB605E3C063F4440749B71FAA236"
Last-Modified: Fri, 27 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4870
Expires: Sat, 28 Jan 2023 09:17:18 GMT
Date: Sat, 28 Jan 2023 07:56:08 GMT
Connection: keep-alive
accounts.google.com/v3/signin/identifier?dsh=S503720791%3A1674892568539449&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcZQtJBZq7dGeghcaqJvyCIqlBXDtSjcORXQJzpTODYggCxuNhBD0Czy63WsBTuqN5Wg2e8ug
142.250.74.109403 Forbidden 806 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S503720791%3A1674892568539449&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcZQtJBZq7dGeghcaqJvyCIqlBXDtSjcORXQJzpTODYggCxuNhBD0Czy63WsBTuqN5Wg2e8ug
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Hash a92c1d84bdd078f34c38ca44e1cb9137
f6511e3cf16f7909aeb7f9d2294f56b7c96e0737
e5b395034ac0af314a27417874519a69b522602d24e8f71b54b6f644947846f5
GET /v3/signin/identifier?dsh=S503720791%3A1674892568539449&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcZQtJBZq7dGeghcaqJvyCIqlBXDtSjcORXQJzpTODYggCxuNhBD0Czy63WsBTuqN5Wg2e8ug HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 07:56:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-aoIoZVCzYFbRchlP_XzzEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hethisisath.xyz/floater?cs=dklreWhEeFlIUUN7WkpfRnlSSVA&abt=0&red=1&sm=83&k=date%20night%20nerves%20nurumassage&v=0.9.1.0&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_UfaS=1674892570131&crc=1
65.9.44.105200 OK 1.9 kB URL HTTP/2 hethisisath.xyz/floater?cs=dklreWhEeFlIUUN7WkpfRnlSSVA&abt=0&red=1&sm=83&k=date%20night%20nerves%20nurumassage&v=0.9.1.0&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_UfaS=1674892570131&crc=1
IP 65.9.44.105:0
Hash f4dd4c4421e4bf090941072005d63899
d6f732558492bc8c0c6e8c0355a93bc82eb79b57
475d1856a22c77cbb4f37e77766a7f723fef92edf96d2f7d7c093d691e9f3623
GET /floater?cs=dklreWhEeFlIUUN7WkpfRnlSSVA&abt=0&red=1&sm=83&k=date%20night%20nerves%20nurumassage&v=0.9.1.0&sts=0&prn=0&emb=0&tid=958506&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.xxxfiles.com%2Fvideos%2F145998%2Fa7195687f4fba01f71d35a3d1e5ee304%2F%3Fsid%3D12320&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi3_&_UfaS=1674892570131&crc=1 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1622
date: Sat, 28 Jan 2023 07:56:08 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=e66ad4bc-b424-4dd5-a93a-d54b523fec94
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5f5aa47bb337704a0ad6f14b5e9a076a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: 6CwSCQ99HIvMbKJtvCux48Wo5OiHVgQRDtE6469QfGANYVMKwlwS9Q==
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02QXU4DMQyEr8IFGo0d56/P8ApSUQ+wJLsFoe6igqoizeHJLhIi8+BPUcZjR6F+B9lpvoPuQ9wjsYgrcKZOgvHx6UATfiyX+bS4upwpBoRM9ZKSMqPknGhepEAZkFeOsEgrGkWi0UBPdGnwZis5QJgyH44HHp/v+0VRKRQqk+ZbQcc1mQpaZ9w2O1prRfIUQgtDrqpjDhJi01D9OK5+8HU8tXq5DdfL17urbb6+tXHx2+T4lUM3bVn400620g+40fD5PVfy35NVYTNJ/wNbC6c6tNCX7A0x9X1TfLGx+DJg8hNS/QEJ14mtXwEAAA==
95.211.229.245200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA02QXU4DMQyEr8IFGo0d56/P8ApSUQ+wJLsFoe6igqoizeHJLhIi8+BPUcZjR6F+B9lpvoPuQ9wjsYgrcKZOgvHx6UATfiyX+bS4upwpBoRM9ZKSMqPknGhepEAZkFeOsEgrGkWi0UBPdGnwZis5QJgyH44HHp/v+0VRKRQqk+ZbQcc1mQpaZ9w2O1prRfIUQgtDrqpjDhJi01D9OK5+8HU8tXq5DdfL17urbb6+tXHx2+T4lUM3bVn400620g+40fD5PVfy35NVYTNJ/wNbC6c6tNCX7A0x9X1TfLGx+DJg8hNS/QEJ14mtXwEAAA==
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA02QXU4DMQyEr8IFGo0d56/P8ApSUQ+wJLsFoe6igqoizeHJLhIi8+BPUcZjR6F+B9lpvoPuQ9wjsYgrcKZOgvHx6UATfiyX+bS4upwpBoRM9ZKSMqPknGhepEAZkFeOsEgrGkWi0UBPdGnwZis5QJgyH44HHp/v+0VRKRQqk+ZbQcc1mQpaZ9w2O1prRfIUQgtDrqpjDhJi01D9OK5+8HU8tXq5DdfL17urbb6+tXHx2+T4lUM3bVn400620g+40fD5PVfy35NVYTNJ/wNbC6c6tNCX7A0x9X1TfLGx+DJg8hNS/QEJ14mtXwEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d4d51788cd33.511362194248859901%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 07:56:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Mon, 27 Jan 2025 07:56:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
tragicbeyond.com/pixel/pure
173.233.137.52204 No Content 0 B URL HTTP/1.1 tragicbeyond.com/pixel/pure
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: tragicbeyond.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 07:56:09 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
simplewebanalysis.com/stats
3.120.47.42200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash ed3e351d5c47f59bb080c92accf8ddff
23e44502a223b170c7bc8f479e3f846be47e781e
e78dae4296a7b8cddd67d5fc35965d10c6cb791bcc0982dceaabbdfa9551f416
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: uid_id2=f1dc827a-c588-43bd-9829-7b72decbc6f9:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1P0U7DMAz8FX6gke04cbJneAVpaB+Qpt1AaC0qaBrSfTxJkbDl+GT5cmch8QPxIOmB5BDigQyZXSan4jgonl+OUMbnui2X1dX1imjRcoZ4NhMkyikZ1LNqTgjUSyymBOOcWgmU4EEtJXjVjhwRq0VYwtPpiNPrY5tl4QyGENrbdTvUhuneyTSOcU6FtEr0heKcK52bkNmZipr1RbzNl6lu93Lbvj9cnZbb+zSvfvdNCI1IYKLYXTiW1OV2Z3858N5aEHZUvn6WCvwvaNxb2FmCdnP7D6j90KIaqk0UZeTAXIuJhPEcQyq/9TeRK2YBAAA=
95.211.229.245200 OK 330 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1P0U7DMAz8FX6gke04cbJneAVpaB+Qpt1AaC0qaBrSfTxJkbDl+GT5cmch8QPxIOmB5BDigQyZXSan4jgonl+OUMbnui2X1dX1imjRcoZ4NhMkyikZ1LNqTgjUSyymBOOcWgmU4EEtJXjVjhwRq0VYwtPpiNPrY5tl4QyGENrbdTvUhuneyTSOcU6FtEr0heKcK52bkNmZipr1RbzNl6lu93Lbvj9cnZbb+zSvfvdNCI1IYKLYXTiW1OV2Z3858N5aEHZUvn6WCvwvaNxb2FmCdnP7D6j90KIaqk0UZeTAXIuJhPEcQyq/9TeRK2YBAAA=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash b6630cee1d8f201a8ef5e6584cae1ac5
540cb6f4540c3eb06df8ad79ebd8376cb59aace2
2e4d84792a9ccdd0de009fb4b00228b14dcd13357248f8787522b069d6ab073e
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1P0U7DMAz8FX6gke04cbJneAVpaB+Qpt1AaC0qaBrSfTxJkbDl+GT5cmch8QPxIOmB5BDigQyZXSan4jgonl+OUMbnui2X1dX1imjRcoZ4NhMkyikZ1LNqTgjUSyymBOOcWgmU4EEtJXjVjhwRq0VYwtPpiNPrY5tl4QyGENrbdTvUhuneyTSOcU6FtEr0heKcK52bkNmZipr1RbzNl6lu93Lbvj9cnZbb+zSvfvdNCI1IYKLYXTiW1OV2Z3858N5aEHZUvn6WCvwvaNxb2FmCdnP7D6j90KIaqk0UZeTAXIuJhPEcQyq/9TeRK2YBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hegdcrxavrtk.cdnvideo3.com
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d4d51788cd33.511362194248859901%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 07:56:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hegdcrxavrtk.cdnvideo3.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; expires=Mon, 27 Jan 2025 07:56:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
tragicbeyond.com/pixel/pure
173.233.137.52200 OK 0 B URL HTTP/1.1 tragicbeyond.com/pixel/pure
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: tragicbeyond.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 07:56:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
excretekings.com/sbar.json?key=cc48f4cc72bd1ab0cd76dca8048a896c
192.243.59.20200 OK 4.4 kB URL HTTP/1.1 excretekings.com/sbar.json?key=cc48f4cc72bd1ab0cd76dca8048a896c
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6044), with no line terminators
Hash 59f5d5e8bff4076be06e4623ba042539
fc4d74234582b17f47c7de878fe7c3cf70d7ea96
a7b9694f8167947b92d7cb838943f2b9b7d61bab42aa4cffaf29393e0f523324
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=cc48f4cc72bd1ab0cd76dca8048a896c HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 07:56:09 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.xxxfiles.com
Access-Control-Allow-Origin: https://www.xxxfiles.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17371676; expires=Sun, 29 Jan 2023 07:56:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 29 Jan 2023 07:56:09 GMT; secure; SameSite=None
uncs=1; expires=Sun, 29 Jan 2023 07:56:09 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 29 Jan 2023 07:56:09 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 29 Jan 2023 07:56:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a6deca0a48b232f0c515c418fa411c10
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
hegdcrxavrtk.cdnvideo3.com/api/spots/1216195846658518095/1636039?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
135.181.208.216200 OK 3.2 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/1216195846658518095/1636039?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1562)
Hash 79a2370e7f96c38209c8c7e0e3213783
525c8c465d26bbb0ffb9bf212c5da4c7f4ba38e6
cc79812c221e7b46b481c786e4060743fb8632b1f77b27aecf7bba59ce4407fb
GET /api/spots/1216195846658518095/1636039?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:08 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/140058/e82a60aaafc6ecbb605ec16c64ddc8fec493ae52.mp4
185.76.9.19206 Partial Content 36 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/140058/e82a60aaafc6ecbb605ec16c64ddc8fec493ae52.mp4
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash b9eb81d8300ef17e3583b3303c85497c
e82a60aaafc6ecbb605ec16c64ddc8fec493ae52
1971462dce918746ca558bf5e7f20c06ec8058b9d8a8af3d4c67339c8e480cf9
GET /library/140058/e82a60aaafc6ecbb605ec16c64ddc8fec493ae52.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: video/mp4
content-length: 35876
last-modified: Thu, 26 Mar 2020 22:23:58 GMT
etag: "5e7d2b7e-8c24"
expires: Fri, 30 Jun 2023 11:21:21 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195303
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ2ycbz/sjcWAQ
x-77-nzt-ray: c0a4cc28904d704e19d5d4637f260211
x-cache: HIT
x-age: 18233266
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-35875/35876
X-Firefox-Spdy: h2
tragicbeyond.com/pixel/pure
173.233.137.52200 OK 0 B URL HTTP/1.1 tragicbeyond.com/pixel/pure
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: tragicbeyond.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 07:56:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
pogothere.xyz/
172.64.199.35200 OK 9.0 kB IP 172.64.199.35:0
File type ASCII text, with very long lines (29529)
Hash ad777ed1bb0e2dcc1e30b0f934e19d62
4181c8fb6e44fc0e16a4099826b0c6b3ed4b107c
18e8f5725304d407d900c509708c6b6ea3016e661d4602bbb68cccc62761dcf4
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:08 GMT
content-type: text/plain
set-cookie: csu=455850567636208@1@1674892568; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H4fEQfcvgvHelVNqvai3xyuzgOrrDUWpsGjf8PCR8MZmAHyWQDD0kZg2C80sP%2BkI3fJ2aGcnCQAshdq7Vc7h2nWzT2NM7VcNAOBh1aIrPyshH5rxt47KbfwcUBzNPRaf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b797a347708-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329587?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 4.0 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329587?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash a0fbbb5e6e6c6f419aba5b90a9a50961
4ec833841a53ac880377daff63b10d64d716b321
56e8ff2093579524416fb22ab1037c4f1d79fa8592187388a9350184c88c11cb
GET /api/spots/329587?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=sNgHTwSzO4SOpIKNP1o1; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=4248590
95.211.229.245200 OK 2.7 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?idzone=4248590
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1562)
Hash d5abe188341099ce90207e9be77e3627
6d0c355c5de72d595e3353d095d3bf46959a9ec2
91721254034523469ad3cb6b8a503e71ff7fa30b786e3daf3a2c7bedfba578fd
GET /splash.php?idzone=4248590 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d4d51788cd33.511362194248859901%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.029701%22%7D; c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4646896%7C59504696%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d4d51788cd33.511362194248859901%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 28 Jan 2023 07:56:09 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263d4d51788cd33.511362194248859901%22%3B%7D; expires=Mon, 27 Jan 2025 07:56:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C4248590%7C78484636%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C63d4d51788cd33.511362194248859901%7C%7C0%7Cxxxfiles.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sun, 29 Jan 2023 07:56:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://www.xxxfiles.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
excretekings.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lV9m8XM2GtwMKJQ7BelU9Ue62xGGiWMkGDNxZiRb31d1nnldr3ivqqsTGAgOyLhrRcFl5XQyQQ0y8weI0nEzBBcpFQlidm5cCYJr6U5D44Wqe889b3HOvfej%2FeyCBMjo%2BcY7ZldpTRcblcB%2FeVPFwuTOX7%2Fnh0EluO5vqnipft3vj3%2B291oYNCrBK%2F5bkm%2BbxWoQBkEYhP6KsjIy%2FcUJC5Uct8NKO6jUq5WwUUff%2Fhe7zIOjHkTvgixAifLK1tMnUHyEuPv4lnTbqUlefbObaZoai544ei%2Fejk0eozsrI%2Bshio%2Bmr2FcScgXczDx0dQBTO9g7ABMlcT7NQSLj6YywXqHl0qZhozBxFXkvRGkHkHREbh5ACXOCMAF1m8j7j5aNzanO5csHbMlmf%2Fnb6i8JPO%2FP4%2B4%2B82yVn3%2FrtFZqkzs0I8KqP4IqjNCkp0g3fWg8hPw9EMoQRB3CyhRTFwrNYKKRtByAOo8ZONPecgiD1nioSvOfdpoR0HQjFhUq7XqnPNajfNGa0k0RK3eigJkfCxrgDQZgOsBuN1DYvewrT49ayycra3CZt%2FDbRVwwoNLS%2BK9u4eeKJBLgtwR5JQgVwR5SpD3ikOhXdUVj4R2GQunuTrNtWJo0s4%2BPTRpR8ZkP7kgz42n4v1%2F4QVsy3Of83orqnPerDIRUhZw0VwSnLaCeou22kscThVQbm5ieFeV5Mqf95GokszRH8HoCZw%2BAVfPgmYvgubDZjUA3RrWWwF24%2BN%2Bvx8pLV2Fmy6EKZCk80h3vH19Qa5NtvP6%2Fc8h%2BSmZBrgtkNgCH6gfCDr64fCOycnBHZM78uR2kqqu2qXjzd1NaSq9r96WO7mxYvWWG3x5k4%2BJcXl8T7p0jcZCxR1Hvl5WQki7YiyX5NtVtynZRua2ljMbZ8naxhsrq93ESueUiUegqiTk4jdwVZKrz7w0uUr%2Fs6dQdgSbFehmM63KjMCTPbhk1nOGwOoZZomHPCuGtspmTa0ItJxhygo4eXrj8R%2Fv3%2Fy4uQYmT7%2F765Lbdw%2FRsR5o%2BmByiz1boKcLUD2Ay%2F43TBN7euOn2iTAtDdk2noHTFv9yeVwnTr3ZSMKIhlUJYvaLGrSQLSjepvRdiibrEFDpK7kP%2F9y7V8AAAD%2F%2FwEAAP%2F%2FoyikXG0EAAA%3D
192.243.59.20200 OK 7 B URL HTTP/1.1 excretekings.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lV9m8XM2GtwMKJQ7BelU9Ue62xGGiWMkGDNxZiRb31d1nnldr3ivqqsTGAgOyLhrRcFl5XQyQQ0y8weI0nEzBBcpFQlidm5cCYJr6U5D44Wqe889b3HOvfej%2FeyCBMjo%2BcY7ZldpTRcblcB%2FeVPFwuTOX7%2Fnh0EluO5vqnipft3vj3%2B291oYNCrBK%2F5bkm%2BbxWoQBkEYhP6KsjIy%2FcUJC5Uct8NKO6jUq5WwUUff%2Fhe7zIOjHkTvgixAifLK1tMnUHyEuPv4lnTbqUlefbObaZoai544ei%2Fejk0eozsrI%2Bshio%2Bmr2FcScgXczDx0dQBTO9g7ABMlcT7NQSLj6YywXqHl0qZhozBxFXkvRGkHkHREbh5ACXOCMAF1m8j7j5aNzanO5csHbMlmf%2Fnb6i8JPO%2FP4%2B4%2B82yVn3%2FrtFZqkzs0I8KqP4IqjNCkp0g3fWg8hPw9EMoQRB3CyhRTFwrNYKKRtByAOo8ZONPecgiD1nioSvOfdpoR0HQjFhUq7XqnPNajfNGa0k0RK3eigJkfCxrgDQZgOsBuN1DYvewrT49ayycra3CZt%2FDbRVwwoNLS%2BK9u4eeKJBLgtwR5JQgVwR5SpD3ikOhXdUVj4R2GQunuTrNtWJo0s4%2BPTRpR8ZkP7kgz42n4v1%2F4QVsy3Of83orqnPerDIRUhZw0VwSnLaCeou22kscThVQbm5ieFeV5Mqf95GokszRH8HoCZw%2BAVfPgmYvgubDZjUA3RrWWwF24%2BN%2Bvx8pLV2Fmy6EKZCk80h3vH19Qa5NtvP6%2Fc8h%2BSmZBrgtkNgCH6gfCDr64fCOycnBHZM78uR2kqqu2qXjzd1NaSq9r96WO7mxYvWWG3x5k4%2BJcXl8T7p0jcZCxR1Hvl5WQki7YiyX5NtVtynZRua2ljMbZ8naxhsrq93ESueUiUegqiTk4jdwVZKrz7w0uUr%2Fs6dQdgSbFehmM63KjMCTPbhk1nOGwOoZZomHPCuGtspmTa0ItJxhygo4eXrj8R%2Fv3%2Fy4uQYmT7%2F765Lbdw%2FRsR5o%2BmByiz1boKcLUD2Ay%2F43TBN7euOn2iTAtDdk2noHTFv9yeVwnTr3ZSMKIhlUJYvaLGrSQLSjepvRdiibrEFDpK7kP%2F9y7V8AAAD%2F%2FwEAAP%2F%2FoyikXG0EAAA%3D
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSzWsk1Rd9lV9m8XM2GtwMKJQ7BelU9Ue62xGGiWMkGDNxZiRb31d1nnldr3ivqqsTGAgOyLhrRcFl5XQyQQ0y8weI0nEzBBcpFQlidm5cCYJr6U5D44Wqe889b3HOvfej%2FeyCBMjo%2BcY7ZldpTRcblcB%2FeVPFwuTOX7%2Fnh0EluO5vqnipft3vj3%2B291oYNCrBK%2F5bkm%2BbxWoQBkEYhP6KsjIy%2FcUJC5Uct8NKO6jUq5WwUUff%2Fhe7zIOjHkTvgixAifLK1tMnUHyEuPv4lnTbqUlefbObaZoai544ei%2Fejk0eozsrI%2Bshio%2Bmr2FcScgXczDx0dQBTO9g7ABMlcT7NQSLj6YywXqHl0qZhozBxFXkvRGkHkHREbh5ACXOCMAF1m8j7j5aNzanO5csHbMlmf%2Fnb6i8JPO%2FP4%2B4%2B82yVn3%2FrtFZqkzs0I8KqP4IqjNCkp0g3fWg8hPw9EMoQRB3CyhRTFwrNYKKRtByAOo8ZONPecgiD1nioSvOfdpoR0HQjFhUq7XqnPNajfNGa0k0RK3eigJkfCxrgDQZgOsBuN1DYvewrT49ayycra3CZt%2FDbRVwwoNLS%2BK9u4eeKJBLgtwR5JQgVwR5SpD3ikOhXdUVj4R2GQunuTrNtWJo0s4%2BPTRpR8ZkP7kgz42n4v1%2F4QVsy3Of83orqnPerDIRUhZw0VwSnLaCeou22kscThVQbm5ieFeV5Mqf95GokszRH8HoCZw%2BAVfPgmYvgubDZjUA3RrWWwF24%2BN%2Bvx8pLV2Fmy6EKZCk80h3vH19Qa5NtvP6%2Fc8h%2BSmZBrgtkNgCH6gfCDr64fCOycnBHZM78uR2kqqu2qXjzd1NaSq9r96WO7mxYvWWG3x5k4%2BJcXl8T7p0jcZCxR1Hvl5WQki7YiyX5NtVtynZRua2ljMbZ8naxhsrq93ESueUiUegqiTk4jdwVZKrz7w0uUr%2Fs6dQdgSbFehmM63KjMCTPbhk1nOGwOoZZomHPCuGtspmTa0ItJxhygo4eXrj8R%2Fv3%2Fy4uQYmT7%2F765Lbdw%2FRsR5o%2BmByiz1boKcLUD2Ay%2F43TBN7euOn2iTAtDdk2noHTFv9yeVwnTr3ZSMKIhlUJYvaLGrSQLSjepvRdiibrEFDpK7kP%2F9y7V8AAAD%2F%2FwEAAP%2F%2FoyikXG0EAAA%3D HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: u_pl=17371676; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 07:56:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69d7e7ed4f163c8a461ae400c74e7aa3
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
45.133.44.3200 OK 955 B URL HTTP/2 cdn.barscreative1.com/sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 3311b451b6e90781dab5ae61a1e4f65d
940e4700d9c5fbf74f8c15dcf10c28661e34cf2c
3def788280ca0f9ba09e050e3f3bfba82e5268fe2104f1c02a8f265c12774023
Analyzer Verdict Alert fortinet Phishing
GET /sb/au/5e/2f/d4/5e2fd4b3d4c51bdf7b2952c27a9795ef/1652872195.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: text/html; charset=utf-8
content-length: 955
server: nginx/1.17.6
last-modified: Wed, 18 May 2022 11:09:59 GMT
etag: "6284d407-3bb"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Sat, 28 Jan 2023 08:56:09 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/click/3343108155670278095?kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&t=5&ab=0&keywords=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele&w=1280&h=1024&domain=www.xxxfiles.com&rnd=0.7773994919588004
135.181.208.216200 OK 686 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/click/3343108155670278095?kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&t=5&ab=0&keywords=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele&w=1280&h=1024&domain=www.xxxfiles.com&rnd=0.7773994919588004
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash efdf476fd44373512734ecbeefa8d91d
15500cb69fb89de303d5abc594239689e979a433
c1e75f2549df460864662f2743517ffcbacdc5192a02fc82396fb8b939cb5ebf
GET /api/click/3343108155670278095?kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25&t=5&ab=0&keywords=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele&w=1280&h=1024&domain=www.xxxfiles.com&rnd=0.7773994919588004 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1674892501/87188060
104.18.63.124200 OK 30 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/87188060
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash d605cabd85f209679a1c5775cdf3b5b7
7ddced9e839220380e9601b45672b3aea1a2357e
f567aa976cfec0df8c6e50fa06e4209dd612823521b6dd7d62e32db61afa31ef
GET /thumbs/1674892501/87188060 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 29862
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=30852, status=webp_bigger
etag: "a148e6c50ce66eb6d072112a4be6bd98"
last-modified: Sat, 28 Jan 2023 07:54:45 GMT
cf-cache-status: HIT
age: 35
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b7fc97eb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1674892501/80896847
104.18.63.124200 OK 36 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/80896847
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash dbe5bacc40b74ad20cf885bc07350b4a
3f59d46c695a332da3d0c4f5f76d0b0d950a947a
efaca922cc65cdac7c8260c163681b4df68d1c51c090816be150f142b15240fe
GET /thumbs/1674892501/80896847 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 35535
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=36987, status=webp_bigger
etag: "40151f2b6d2d7761b453ee83547f3406"
last-modified: Sat, 28 Jan 2023 07:54:42 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b7fd995b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1674892501/96689290
104.18.63.124200 OK 34 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/96689290
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash e9232f7580caa45589fe74083a9bb3f0
b31ddb5d7ff9d1c95812c37be676f73d3c8a5a10
5b872889c655d0951e04189a4672bae31c212c658bb7d33425888948a461f312
GET /thumbs/1674892501/96689290 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 34451
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=35889, status=webp_bigger
etag: "31f8112f068bf942b52b2e71587d1968"
last-modified: Sat, 28 Jan 2023 07:54:50 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b7fd996b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1674892501/68330290
104.18.63.124200 OK 61 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/68330290
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 91c009657a36edfe09749ab3f52b52a2
b50c98900a495a45d3fab871e7a6f853eb9c1208
5ca352cfad6ce919e23dac57c31e685bac23e44cce00b53483044185ee0bd43f
GET /thumbs/1674892501/68330290 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 60917
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=63777, status=webp_bigger
etag: "faebeadf9303d1a1b7423ba409dd0233"
last-modified: Sat, 28 Jan 2023 07:54:37 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b7fd9a1b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1674892501/92471203
104.18.63.124200 OK 26 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/92471203
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 8a26f93acf726a533573980b86569606
9e70c21b70b5bc295496660e34a7a16b4936f808
a04cafa079077a9a61afa89dd5c8395c1a82f78487ea7a2fee48031fb8676f0a
GET /thumbs/1674892501/92471203 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 26151
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=27557, status=webp_bigger
etag: "f4e7377f73f6d9faa48222b2b34b79c3"
last-modified: Sat, 28 Jan 2023 07:54:30 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b7fe9a2b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1674892501/78659813
104.18.63.124200 OK 21 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/78659813
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash a13272856969bddf16fa96e83e0a7ff9
dd344a95662b3ef94cbbfd9942e7b8ae500976d5
cf78bb825f8753979a7a626ad4ae20a98529e827aa11f4a2bb096395f88cd063
GET /thumbs/1674892501/78659813 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 21209
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=22127, status=webp_bigger
etag: "739d8fabb1bf180117307e8c41dbb68f"
last-modified: Sat, 28 Jan 2023 07:55:19 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b7fe9aab506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1674892501/15739582
104.18.63.124200 OK 46 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/15739582
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash 49f66eed0577447becc3ffcaeb70c44a
65647f1f98d1147ca1e04e3b30e1ca7729759cfa
8427200a0353ef7715ad683b6fe3ef85e418b001a4fdea206fc805713a43ff7c
GET /thumbs/1674892501/15739582 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 46224
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=47882, status=webp_bigger
etag: "8ab9684189b415f113d962daa1114b2f"
last-modified: Sat, 28 Jan 2023 07:55:02 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b7fe9abb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9779
Expires: Sat, 28 Jan 2023 10:39:08 GMT
Date: Sat, 28 Jan 2023 07:56:09 GMT
Connection: keep-alive
img.strpst.com/thumbs/1674892501/85011456
104.18.63.124200 OK 20 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/85011456
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 1dad81ae4c60f39047b4d2875a2f85b8
edd4913cf7916e850a0ead45069c56f750d00dbe
03f331b1f1971a8c3d6146ce749fced7b4dbcc985708b2c66f40855b059ccf48
GET /thumbs/1674892501/85011456 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 19470
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=20442, status=webp_bigger
etag: "17b41400f24073c6ccf986373aeb0b93"
last-modified: Sat, 28 Jan 2023 07:55:07 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b8019d3b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1674892501/84786437
104.18.63.124200 OK 21 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/84786437
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash ff9a7e7f712ae360f5afe0af1305f170
ac56bc8ede6ed536b79d2f66d7dc14c1a8b6bbb8
bd077f4bd0ec688ad3461c9ee74eecc61413e9a38f97a30ce08d95417bcc5d12
GET /thumbs/1674892501/84786437 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 21304
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=22057, status=webp_bigger
etag: "1613c3304bcdf42e36397aa81df3b161"
last-modified: Sat, 28 Jan 2023 07:54:42 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b8019d6b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9779
Expires: Sat, 28 Jan 2023 10:39:08 GMT
Date: Sat, 28 Jan 2023 07:56:09 GMT
Connection: keep-alive
img.strpst.com/thumbs/1674892501/91557947
104.18.63.124200 OK 29 kB URL HTTP/2 img.strpst.com/thumbs/1674892501/91557947
IP 104.18.63.124:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Hash 8f8786aef3366d6ec067515f6be016d7
4238e78e00e82029e9d766e26dd5fdf969b3cd71
c6e5084794e51da9f61e8c070d5118476ff708ca08ffbcde24804b5df5463747
GET /thumbs/1674892501/91557947 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/jpeg
content-length: 28896
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cf-bgj: imgq:100,h2pri
cf-polished: origSize=29995, status=webp_bigger
etag: "5cf41bfd70f8c58f6ef93e9c679ed6da"
last-modified: Sat, 28 Jan 2023 07:54:45 GMT
cf-cache-status: HIT
age: 32
expires: Sat, 28 Jan 2023 08:26:09 GMT
cache-control: public, max-age=1800
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b8019d4b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9779
Expires: Sat, 28 Jan 2023 10:39:08 GMT
Date: Sat, 28 Jan 2023 07:56:09 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a72a7d6b0d8ab59142fe25c54fb241f
c21c5ee74f2cb78d98da382a7afb782f908f296c
857124b6bbe7538b5e1068f5173a85bd3d977308095c16410bf79b369ed773f7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "857124B6BBE7538B5E1068F5173A85BD3D977308095C16410BF79B369ED773F7"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14196
Expires: Sat, 28 Jan 2023 11:52:45 GMT
Date: Sat, 28 Jan 2023 07:56:09 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e3b8a8bc98172e8a530326f7d16570cd
4555b6600b5d18b4e5850a756fb47ead0e5c486e
12061f433c479a860c65363d2243aba95ad34ac6664e84c5c5ed9a2d8c343f8c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "12061F433C479A860C65363D2243ABA95AD34AC6664E84C5C5ED9A2D8C343F8C"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9779
Expires: Sat, 28 Jan 2023 10:39:08 GMT
Date: Sat, 28 Jan 2023 07:56:09 GMT
Connection: keep-alive
go.xlviiirdr.com/smartpop/68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&memberId=5280a644-bd79-4670-9a59-771fec7049b6&sourceId=7003&p1=45081&p2=68073&contentType=video/mp4&no_bb=1
104.18.51.106302 Found 0 B URL HTTP/2 go.xlviiirdr.com/smartpop/68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&memberId=5280a644-bd79-4670-9a59-771fec7049b6&sourceId=7003&p1=45081&p2=68073&contentType=video/mp4&no_bb=1
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&memberId=5280a644-bd79-4670-9a59-771fec7049b6&sourceId=7003&p1=45081&p2=68073&contentType=video/mp4&no_bb=1 HTTP/1.1
Host: go.xlviiirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 07:56:09 GMT
content-length: 0
location: https://go.xlirdr.com/api/models/vast?campaignId=68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490&campaignType=smartpop&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397620&masterSmartpopId=2683&memberId=5280a644-bd79-4670-9a59-771fec7049b6&no_bb=1&p1=45081&p2=68073&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3594&sourceId=7003&tag=-girls%2Findian&targetDomain=cambaddies.com&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=8782564.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=04dToQvE4FPLng5Mz6amGAT9NT3YTL971a2NBRkTEt; SameSite=None; Secure; path=/; expires=Sun, 29-Jan-23 06:56:09 GMT; HttpOnly
server: cloudflare
cf-ray: 79082b810b04b4f4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4675bd0dbda20e272b32eb9db03f35d8
aa655fd97778059913ab170765257aaef33e7119
a9bb5d439a01135af6d41e60455509b20fee27f7661ad81f6cb955ffdc9c1f12
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9BB5D439A01135AF6D41E60455509B20FEE27F7661AD81F6CB955FFDC9C1F12"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6697
Expires: Sat, 28 Jan 2023 09:47:46 GMT
Date: Sat, 28 Jan 2023 07:56:09 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5a72a7d6b0d8ab59142fe25c54fb241f
c21c5ee74f2cb78d98da382a7afb782f908f296c
857124b6bbe7538b5e1068f5173a85bd3d977308095c16410bf79b369ed773f7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "857124B6BBE7538B5E1068F5173A85BD3D977308095C16410BF79B369ED773F7"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14196
Expires: Sat, 28 Jan 2023 11:52:45 GMT
Date: Sat, 28 Jan 2023 07:56:09 GMT
Connection: keep-alive
cdn.cloudimagesb.com/si/ec/b4/2d/ecb42d6df80688dbe1a2d4b5ae314a69/1674718493.png
45.133.44.10200 OK 72 kB URL HTTP/2 cdn.cloudimagesb.com/si/ec/b4/2d/ecb42d6df80688dbe1a2d4b5ae314a69/1674718493.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 3b52ff58777ebd2f6f0923c8c2c1f7b5
48ccafa84250de3238f34a3ee9d56ea9768c1b37
6f7e28e36c851a9f71aea32e550e8e8dc25b723f1cdaaa8c302a7570244bd870
GET /si/ec/b4/2d/ecb42d6df80688dbe1a2d4b5ae314a69/1674718493.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: image/png
content-length: 71988
server: nginx/1.17.6
last-modified: Thu, 26 Jan 2023 07:35:02 GMT
etag: "63d22d26-11934"
expires: Mon, 30 Jan 2023 07:56:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
go.xlviirdr.com/easy?campaignId=c533dbc0f41c2b796a32d2a5b47a83e9bda4023ac0013483b9b2babeed7e9745&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&skipOffset=00:00:05&memberId=f5b50fb9-2f9f-4dfb-a10e-d63515870d0a&contentType=video/mp4&no_bb=1
104.18.51.106302 Found 0 B URL HTTP/2 go.xlviirdr.com/easy?campaignId=c533dbc0f41c2b796a32d2a5b47a83e9bda4023ac0013483b9b2babeed7e9745&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&skipOffset=00:00:05&memberId=f5b50fb9-2f9f-4dfb-a10e-d63515870d0a&contentType=video/mp4&no_bb=1
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /easy?campaignId=c533dbc0f41c2b796a32d2a5b47a83e9bda4023ac0013483b9b2babeed7e9745&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&xhVersion=1&skipOffset=00:00:05&memberId=f5b50fb9-2f9f-4dfb-a10e-d63515870d0a&contentType=video/mp4&no_bb=1 HTTP/1.1
Host: go.xlviirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 07:56:10 GMT
content-length: 0
location: https://go.xlirdr.com/api/models/vast?campaignId=c533dbc0f41c2b796a32d2a5b47a83e9bda4023ac0013483b9b2babeed7e9745&campaignType=easylink&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397801&masterSmartpopId=2683&memberId=f5b50fb9-2f9f-4dfb-a10e-d63515870d0a&no_bb=1&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=7098&tag=-girls%2Findian&userId=8111a78ac0390b35b9e36eb081aa8902cd1e6c225468fe1d990e47cd786d8768&variationId=30208&videosList=oil-show11&xhVersion=1
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67561389.30208; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeScBLPeXxw9eeb8p1zPW3LmBtHA; SameSite=None; Secure; path=/; expires=Sun, 29-Jan-23 06:56:10 GMT; HttpOnly
server: cloudflare
cf-ray: 79082b8278c1b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
172.64.166.9200 OK 73 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff
IP 172.64.166.9:0
Hash 9f6d3b597775aa12fd9d49c83aea2344
6f68520fbe625df05d80eae891ebe8c60fc528ac
d3da19fd001c4e3ec6a622d5fbaea052cb8eca6835a4f42e24c6ee12cd7ded19
GET /sb/notifications/software/us/ios/desk-new-big/SFUIText-Regular.woff HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:10 GMT
content-type: application/font-woff
content-length: 72696
last-modified: Wed, 17 Feb 2021 11:42:38 GMT
etag: "602d012e-11bf8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 164140
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=izzbaH5s9eelSJ%2FePZu25jrcpa05iDhJ1SYCS8icrcJnI5c3tjEh4kTZO97gzInPL%2F3Rl1KQXtHL2SOpsJDd8GVpqSoxBXIN%2BmF74cTx%2BcoQUCIh5NsiG%2Brwld%2B8LmZKeoHKf%2Fcf3CgG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b82c93874e1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
excretekings.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skVRd9lS%2Bz%2BJyNBjcDCuVOQTpV%2FSPd7QjDxDESjJk4M5Ktr9571XnmVb3ivaquTmAgOCDjrhUFl5XTyQQ1yMwfIErFzRBcpFQkiNm5cSUIrqU7DY0Xqu4997zFOffej%2FazC%2BIho%2Bcb7%2BhdqRRdbNU89%2BVNGXOdW3f9nut7Ne%2B6uynjpeZ1dzD%2Bmf5rvteqea%2B4bwm2rRfrnu95vue7K9KIUA8WJyxkctz1a12v1qzX%2FFYTA%2FNfbDMHljrg%2FQuyAMmrK1tPn0CyEnH0%2BJaw26lOXn0zyhRNtUGfH70Xb8c6jxHNytA4COOj6WtoWxHyxRx0fDR1AN0%2FGDtAICvi%2FOojiI%2BmMhH0Dy%2BVBgoiRsCvIu%2BXEKqEpCWYfgDJzwjAONZvI44erWuT051Llo7Zisz%2F8zdkXpH5359HHH2zrOTAvatVlkodWwzCAnJQQvZKJNkJ0l0HMj8BSz%2BE5ARxVEDyYuJayhIyLKHEENQ6yMafdJCFDrLEQcTPXdrqhp7XDoOw0eg0GWONBmOtzhJv8UazE3rI2FjWEGkyBFNDMLOHxOxhW3561lo4W1uFyb6H3SpguQObVsR5dw99XiAXBLklyClBLgnylCDvF4dc2botHnFls8Cf5vo0N4qRTnv79FCnPRGT%2FeSCPDeeivP%2FhRewLc5dxpqdsMlYux5wnwYe4%2B0lzmjHa3Zop7vEYGUBaecmhndlRa78eR%2BJrMgc%2FREBPYFVJ2DyWdDsRdB81K57oFujZsfDbnw8GAxCqYStMR2B6wJJOo90x9lXF%2BTaZDuv3%2F8cgp2SaYCZAokp8IH8gaCnHo7u6Jwc3NG5JU9uJ6mM5C4db%2B5uSlPhfPW22Mm14au37PDLm2xMjMvje8KmazTmMu5Z8vWy5FyYFW2YIN%2Bu2k0RbGR2azkzcZasbbyxsholRlgrdVyCyoqQi9%2FAZEWuPvPS5Crdz55CmhImKxBlM61Sl2DJHmwy61lNYNQMB4mDPCtGph7MmkoSKDHDNChgxemNx3%2B8f%2FPj9hoCcfrdX5fcvn2InnFA0weTW%2BybAn1VgKohbPa%2FUZqY0xs%2FNSaBQDmjQBnnIFBGfXI5XCvP3ZbfFJ2g02acB4Jxv11vdBqeV%2Be82e4Kv4vUVuznX679CwAA%2F%2F8BAAD%2F%2F7cgKrptBAAA
192.243.59.20200 OK 7 B URL HTTP/1.1 excretekings.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skVRd9lS%2Bz%2BJyNBjcDCuVOQTpV%2FSPd7QjDxDESjJk4M5Ktr9571XnmVb3ivaquTmAgOCDjrhUFl5XTyQQ1yMwfIErFzRBcpFQkiNm5cSUIrqU7DY0Xqu4997zFOffej%2FazC%2BIho%2Bcb7%2BhdqRRdbNU89%2BVNGXOdW3f9nut7Ne%2B6uynjpeZ1dzD%2Bmf5rvteqea%2B4bwm2rRfrnu95vue7K9KIUA8WJyxkctz1a12v1qzX%2FFYTA%2FNfbDMHljrg%2FQuyAMmrK1tPn0CyEnH0%2BJaw26lOXn0zyhRNtUGfH70Xb8c6jxHNytA4COOj6WtoWxHyxRx0fDR1AN0%2FGDtAICvi%2FOojiI%2BmMhH0Dy%2BVBgoiRsCvIu%2BXEKqEpCWYfgDJzwjAONZvI44erWuT051Llo7Zisz%2F8zdkXpH5359HHH2zrOTAvatVlkodWwzCAnJQQvZKJNkJ0l0HMj8BSz%2BE5ARxVEDyYuJayhIyLKHEENQ6yMafdJCFDrLEQcTPXdrqhp7XDoOw0eg0GWONBmOtzhJv8UazE3rI2FjWEGkyBFNDMLOHxOxhW3561lo4W1uFyb6H3SpguQObVsR5dw99XiAXBLklyClBLgnylCDvF4dc2botHnFls8Cf5vo0N4qRTnv79FCnPRGT%2FeSCPDeeivP%2FhRewLc5dxpqdsMlYux5wnwYe4%2B0lzmjHa3Zop7vEYGUBaecmhndlRa78eR%2BJrMgc%2FREBPYFVJ2DyWdDsRdB81K57oFujZsfDbnw8GAxCqYStMR2B6wJJOo90x9lXF%2BTaZDuv3%2F8cgp2SaYCZAokp8IH8gaCnHo7u6Jwc3NG5JU9uJ6mM5C4db%2B5uSlPhfPW22Mm14au37PDLm2xMjMvje8KmazTmMu5Z8vWy5FyYFW2YIN%2Bu2k0RbGR2azkzcZasbbyxsholRlgrdVyCyoqQi9%2FAZEWuPvPS5Crdz55CmhImKxBlM61Sl2DJHmwy61lNYNQMB4mDPCtGph7MmkoSKDHDNChgxemNx3%2B8f%2FPj9hoCcfrdX5fcvn2InnFA0weTW%2BybAn1VgKohbPa%2FUZqY0xs%2FNSaBQDmjQBnnIFBGfXI5XCvP3ZbfFJ2g02acB4Jxv11vdBqeV%2Be82e4Kv4vUVuznX679CwAA%2F%2F8BAAD%2F%2F7cgKrptBAAA
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skVRd9lS%2Bz%2BJyNBjcDCuVOQTpV%2FSPd7QjDxDESjJk4M5Ktr9571XnmVb3ivaquTmAgOCDjrhUFl5XTyQQ1yMwfIErFzRBcpFQkiNm5cSUIrqU7DY0Xqu4997zFOffej%2FazC%2BIho%2Bcb7%2BhdqRRdbNU89%2BVNGXOdW3f9nut7Ne%2B6uynjpeZ1dzD%2Bmf5rvteqea%2B4bwm2rRfrnu95vue7K9KIUA8WJyxkctz1a12v1qzX%2FFYTA%2FNfbDMHljrg%2FQuyAMmrK1tPn0CyEnH0%2BJaw26lOXn0zyhRNtUGfH70Xb8c6jxHNytA4COOj6WtoWxHyxRx0fDR1AN0%2FGDtAICvi%2FOojiI%2BmMhH0Dy%2BVBgoiRsCvIu%2BXEKqEpCWYfgDJzwjAONZvI44erWuT051Llo7Zisz%2F8zdkXpH5359HHH2zrOTAvatVlkodWwzCAnJQQvZKJNkJ0l0HMj8BSz%2BE5ARxVEDyYuJayhIyLKHEENQ6yMafdJCFDrLEQcTPXdrqhp7XDoOw0eg0GWONBmOtzhJv8UazE3rI2FjWEGkyBFNDMLOHxOxhW3561lo4W1uFyb6H3SpguQObVsR5dw99XiAXBLklyClBLgnylCDvF4dc2botHnFls8Cf5vo0N4qRTnv79FCnPRGT%2FeSCPDeeivP%2FhRewLc5dxpqdsMlYux5wnwYe4%2B0lzmjHa3Zop7vEYGUBaecmhndlRa78eR%2BJrMgc%2FREBPYFVJ2DyWdDsRdB81K57oFujZsfDbnw8GAxCqYStMR2B6wJJOo90x9lXF%2BTaZDuv3%2F8cgp2SaYCZAokp8IH8gaCnHo7u6Jwc3NG5JU9uJ6mM5C4db%2B5uSlPhfPW22Mm14au37PDLm2xMjMvje8KmazTmMu5Z8vWy5FyYFW2YIN%2Bu2k0RbGR2azkzcZasbbyxsholRlgrdVyCyoqQi9%2FAZEWuPvPS5Crdz55CmhImKxBlM61Sl2DJHmwy61lNYNQMB4mDPCtGph7MmkoSKDHDNChgxemNx3%2B8f%2FPj9hoCcfrdX5fcvn2InnFA0weTW%2BybAn1VgKohbPa%2FUZqY0xs%2FNSaBQDmjQBnnIFBGfXI5XCvP3ZbfFJ2g02acB4Jxv11vdBqeV%2Be82e4Kv4vUVuznX679CwAA%2F%2F8BAAD%2F%2F7cgKrptBAAA HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: u_pl=17371676; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 07:56:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b3c53730f247e1a8594a17b1f6e17ce4
Strict-Transport-Security: max-age=0; includeSubdomains
hegdcrxavrtk.cdnvideo3.com/api/spots/1216195846658518095/1635934?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
135.181.208.216200 OK 1.8 kB URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/1216195846658518095/1635934?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
Hash 2a54ddecd738fa9651a361673a46ee78
964439e57be06a07f619aa6af71348be287d875d
a4fdf1e634672e235e078ad8b2c440266e8787e100dc3d0bdfe2dcceabb196a1
GET /api/spots/1216195846658518095/1635934?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:08 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5850cb36999ff3744f9799e75a8e3e1d
7d2279a1e185859a24d2a2719fcaa9adbefedf36
c1fb2bffac75563982ad7054996ddeda6ebe5693e7df33052076eb233784a0f4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C1FB2BFFAC75563982AD7054996DDEDA6EBE5693E7DF33052076EB233784A0F4"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1847
Expires: Sat, 28 Jan 2023 08:26:57 GMT
Date: Sat, 28 Jan 2023 07:56:10 GMT
Connection: keep-alive
excretekings.com/pixel/sbs?c=1
192.243.59.20200 OK 0 B URL HTTP/1.1 excretekings.com/pixel/sbs?c=1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: u_pl=17371676; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 28 Jan 2023 07:56:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 244c144d9e3049797c3775fc41a300ac
91ec040f29d84f92b27ccbd45f9995b37fc220d5
406cc515bdce8f0917fccea1712b4d1b43b8659a376ebcc90ca248a9210fe72b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "406CC515BDCE8F0917FCCEA1712B4D1B43B8659A376EBCC90CA248A9210FE72B"
Last-Modified: Wed, 25 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10038
Expires: Sat, 28 Jan 2023 10:43:28 GMT
Date: Sat, 28 Jan 2023 07:56:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 46eedcc98ff9d91f91cad728a0fd37ad
3db701a4b79c60f7de579e2a843b108ae699a5e8
fe6bb05dcc570c62b8597fcaae69e19f8e92568bfab2a82276d6d3694e6242d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE6BB05DCC570C62B8597FCAAE69E19F8E92568BFAB2A82276D6D3694E6242D8"
Last-Modified: Thu, 26 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6655
Expires: Sat, 28 Jan 2023 09:47:05 GMT
Date: Sat, 28 Jan 2023 07:56:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 46eedcc98ff9d91f91cad728a0fd37ad
3db701a4b79c60f7de579e2a843b108ae699a5e8
fe6bb05dcc570c62b8597fcaae69e19f8e92568bfab2a82276d6d3694e6242d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE6BB05DCC570C62B8597FCAAE69E19F8E92568BFAB2A82276D6D3694E6242D8"
Last-Modified: Thu, 26 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6655
Expires: Sat, 28 Jan 2023 09:47:05 GMT
Date: Sat, 28 Jan 2023 07:56:10 GMT
Connection: keep-alive
xml.serve-servee.com/thumbnail?i=017eCP8Aevg_0&p=1674892568.221566&imgt=icon
172.64.162.38302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=017eCP8Aevg_0&p=1674892568.221566&imgt=icon
IP 172.64.162.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=017eCP8Aevg_0&p=1674892568.221566&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 07:56:10 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/300x300_IowD1YVbaTd1b9t5tKhN.jpeg
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NPIdOM5vbpxgr0u6TnOZkIzJqxg%2FS3loyzx9NXyixQmKyM7Q%2BBHSml68c73q2F4nQI5yNorR%2ByGAb8vVUpoDva3aK9yRCecj8Q1rZ46XUAVmGVInzopkWS6Rjm6qtsuOukcHyu3VIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b8539af886e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.serve-servee.com/thumbnail?i=2VDvbasU1o8_0&p=1674892568.221566&imgt=icon
172.64.162.38302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=2VDvbasU1o8_0&p=1674892568.221566&imgt=icon
IP 172.64.162.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=2VDvbasU1o8_0&p=1674892568.221566&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 07:56:10 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/300x300_Wg3cKTLuRj8HdExmdUYY.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOeUBay%2FVe8VTb4THCrvnVLqF%2FQbWRVhl1e9JhtCxbQTjDxzOSMrGAdfxiwdncAcMdZuDN0cG2YGAc7TE6xLxvdeDCUF6SrWFSBKZ%2Bm89fsorctrqTnFyBcRuKkYkT1%2BDl3YZfhuiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b8559d0886e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5850cb36999ff3744f9799e75a8e3e1d
7d2279a1e185859a24d2a2719fcaa9adbefedf36
c1fb2bffac75563982ad7054996ddeda6ebe5693e7df33052076eb233784a0f4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C1FB2BFFAC75563982AD7054996DDEDA6EBE5693E7DF33052076EB233784A0F4"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3087
Expires: Sat, 28 Jan 2023 08:47:37 GMT
Date: Sat, 28 Jan 2023 07:56:10 GMT
Connection: keep-alive
unseenreport.com/pxf.gif?uuid=f1dc827a-c588-43bd-9829-7b72decbc6f9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
192.243.61.225200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=f1dc827a-c588-43bd-9829-7b72decbc6f9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=f1dc827a-c588-43bd-9829-7b72decbc6f9&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=63d45b685911cef3b8cc3d1d1550bf85&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=7 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 28 Jan 2023 07:56:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 044d7abb356027a66a8fc32dc17efacc
Strict-Transport-Security: max-age=0; includeSubdomains
go.xlirdr.com/api/models/vast?campaignId=68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490&campaignType=smartpop&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397620&masterSmartpopId=2683&memberId=5280a644-bd79-4670-9a59-771fec7049b6&no_bb=1&p1=45081&p2=68073&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3594&sourceId=7003&tag=-girls%2Findian&targetDomain=cambaddies.com&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
104.18.59.150200 OK 1.6 kB URL HTTP/2 go.xlirdr.com/api/models/vast?campaignId=68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490&campaignType=smartpop&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397620&masterSmartpopId=2683&memberId=5280a644-bd79-4670-9a59-771fec7049b6&no_bb=1&p1=45081&p2=68073&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3594&sourceId=7003&tag=-girls%2Findian&targetDomain=cambaddies.com&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1
IP 104.18.59.150:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1991), with no line terminators
Hash e61f887bd8c3735206c4d92a1fd34c4b
ca147127cdf6778878ac63e065e380a083726111
cc54da6ad61c3897d1e7ed6581f93c92b2ba582d33b2043b48d4eb558c06005b
GET /api/models/vast?campaignId=68260928b57f412a654bda3f2409e8c9a61a69f506dc4ba3c073a43c2be31490&campaignType=smartpop&contentType=video%2Fmp4&creativeId=1aa4022af61bfad6ec7c637003dfb79b6edb7465c731eac0e6955245fc823c00&duration=00%3A00%3A30&endpoint=room&iterationId=397620&masterSmartpopId=2683&memberId=5280a644-bd79-4670-9a59-771fec7049b6&no_bb=1&p1=45081&p2=68073&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3594&sourceId=7003&tag=-girls%2Findian&targetDomain=cambaddies.com&userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&variationId=30208&videosList=oil-show11&xhVersion=1 HTTP/1.1
Host: go.xlirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:10 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCeSF4mw3pyDiW7px3s4Qs9PkBrEp; SameSite=None; Secure; path=/; expires=Sun, 29-Jan-23 06:56:10 GMT; HttpOnly
server: cloudflare
cf-ray: 79082b82bf09b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 01fbb5081d55977d727a6dbe38732973
1f39295b78b8bc669e80fa074b99d4e16018d25d
cec2304e478326f943f72aea026a7ad6993afd7a105941339e37d335a6c3a625
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CEC2304E478326F943F72AEA026A7AD6993AFD7A105941339E37D335A6C3A625"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4882
Expires: Sat, 28 Jan 2023 09:17:32 GMT
Date: Sat, 28 Jan 2023 07:56:10 GMT
Connection: keep-alive
www.googletagmanager.com/gtm.js?id=GTM-MJ29FD7
142.250.74.40200 OK 83 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MJ29FD7
IP 142.250.74.40:0
File type ASCII text, with very long lines (59589)
Hash 3fb6377d4baa13f05d9e6ead7ecb6f3d
ad35f12d5a14b849b6a9883f2f60c80b6f1e5d55
98496f8bed9e89fe22e776d5d12c26467e9a06926b3e9c5ff3ff5f61acb0dcee
GET /gtm.js?id=GTM-MJ29FD7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 07:56:10 GMT
expires: Sat, 28 Jan 2023 07:56:10 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 82682
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5d009aa992707f4a401dd58fee006c45
e1204776f8f42e48cc587afe92e36c0fcdee7841
a2c53ab69ad8e8131a71def9f631bd481171ccbb5186b35182c8b504b947e98b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2C53AB69AD8E8131A71DEF9F631BD481171CCBB5186B35182C8B504B947E98B"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11079
Expires: Sat, 28 Jan 2023 11:00:49 GMT
Date: Sat, 28 Jan 2023 07:56:10 GMT
Connection: keep-alive
crjpgate.com/pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com
93.93.51.223200 OK 1.1 kB URL HTTP/2 crjpgate.com/pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com
IP 93.93.51.223:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash e18b6784d591c0e8761aaf37529f75c4
e000d80dab7dcf1298ecb6cd01903657361b979e
6d6c713d64362827b796d5a9b018768f4ba766b7641efccd3b09ed514e2f2558
GET /pu/?psid=ed_trronintdtno&utm_source=tr&ms_notrack=1&category=girl&site=jsm&target=postrttr&utm_medium=network&subaffid=10565_xxxfiles.com HTTP/1.1
Host: crjpgate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-target-pstool: 400_320
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Mon, 27-Feb-23 07:56:10 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9d6da29c87dd16738025847536d4a146
5ac845f91e4cf647e8279ba052e5f458c9d48d2d
6415345be30db3be44c521d84e3f6d9e558842e84207ddd873d92cb6eba5cd8b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6415345BE30DB3BE44C521D84E3F6D9E558842E84207DDD873D92CB6EBA5CD8B"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3028
Expires: Sat, 28 Jan 2023 08:46:39 GMT
Date: Sat, 28 Jan 2023 07:56:11 GMT
Connection: keep-alive
pt-static4.jsmsat.com/npe/_common/script/adblock/advertisement-v579100.js
93.93.51.201200 OK 21 B URL HTTP/2 pt-static4.jsmsat.com/npe/_common/script/adblock/advertisement-v579100.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with no line terminators
Hash 01c6e7ecb819ef28b0c9b962513a1596
1a49f493db7b91ed34a7040d36732352b9a5dc39
e97a9988dce8067f81f57557b349dd481e0335e75175179b6b01322be2ff13a5
GET /npe/_common/script/adblock/advertisement-v579100.js HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:11 GMT
content-type: application/javascript
content-length: 21
last-modified: Thu, 26 Jan 2023 08:34:02 GMT
etag: "63d23afa-15"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pt-static1.jsmsat.com/npe/image/smilies_ex.png
93.93.51.201200 OK 8.5 kB URL HTTP/2 pt-static1.jsmsat.com/npe/image/smilies_ex.png
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type PNG image data, 536 x 138, 8-bit colormap, non-interlaced\012- data
Hash 53fc00ebf44066190d5faea2a7931e7c
21178ac1ffb10f958d26d17a0fe49d5d31a00720
63526a6642f64fadb44cd33d634bb626f8e96af3f850215cfdd78a9c609fc85c
GET /npe/image/smilies_ex.png HTTP/1.1
Host: pt-static1.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:11 GMT
content-type: image/png
content-length: 8533
last-modified: Tue, 17 Jan 2023 08:36:49 GMT
etag: "63c65e21-2155"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pt-static2.jsmsat.com/npe/bonuscredit/css/bonuscredit-v579100.css
93.93.51.201200 OK 75 kB URL HTTP/2 pt-static2.jsmsat.com/npe/bonuscredit/css/bonuscredit-v579100.css
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d3219fd1db3c8eb769ec103a8ce49a51
6da5bf5a51ace853eb6aaa8a23284f004fe7b7e1
02c5586f322c85f5780ed87db50d0ef0b8f0ebcdb67f25b089d0a2565afc6f9e
GET /npe/bonuscredit/css/bonuscredit-v579100.css HTTP/1.1
Host: pt-static2.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:10 GMT
content-type: text/css
last-modified: Thu, 26 Jan 2023 08:34:03 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63d23afb-961"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
crprt.livejasmin.com/mqXkl/Qjn.gif?ms_rnd=1674892570.60727&pstool=400_320&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com
93.93.51.191200 OK 43 B URL HTTP/2 crprt.livejasmin.com/mqXkl/Qjn.gif?ms_rnd=1674892570.60727&pstool=400_320&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /mqXkl/Qjn.gif?ms_rnd=1674892570.60727&pstool=400_320&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/post/play/vip/tic?ms_rnd=1674892570.60727&pstool=400_320&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:11 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Mon, 27-Feb-23 07:56:11 GMT; SameSite=None; Secure
expires: Sat, 28 Jan 2023 07:56:10 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dd8d00014a48afe0611b9e8e0072ee93
a1cd5893940812e6ba75628317ff6ab9a590577a
fd258192fbae52c1e463b8608ee99bcd04a5286a8e186295d1d28db0d7dcbb72
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD258192FBAE52C1E463B8608EE99BCD04A5286A8E186295D1D28DB0D7DCBB72"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12237
Expires: Sat, 28 Jan 2023 11:20:09 GMT
Date: Sat, 28 Jan 2023 07:56:12 GMT
Connection: keep-alive
crprt.livejasmin.com/vMmCH/pdI.gif?ms_rnd=1674892570.60727&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3
93.93.51.191200 OK 43 B URL HTTP/2 crprt.livejasmin.com/vMmCH/pdI.gif?ms_rnd=1674892570.60727&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /vMmCH/pdI.gif?ms_rnd=1674892570.60727&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3 HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/post/fslf?ms_rnd=1674892570.60727&pstool=400_18&psid=ed_trronintdtno&utm_source=tr&site=jsm&utm_medium=network&origin=twinrdsrv.com&categoryName=girl&subAffId=10565_xxxfiles.com&rrc=3
Cookie: psui=a59f007fbf3384ccc33cc586d5d348f0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:12 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Mon, 27-Feb-23 07:56:12 GMT; SameSite=None; Secure
expires: Sat, 28 Jan 2023 07:56:11 GMT
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
pt-static3.jsmsat.com/npe/bonuscredit/bonuscredit-v579100.js
93.93.51.201200 OK 9.7 kB URL HTTP/2 pt-static3.jsmsat.com/npe/bonuscredit/bonuscredit-v579100.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 8766a1ebc7c9a2f25d0ebfbbca4cdf35
d178d79eb06e6d82f57a3be47f141b5ad9f0cdd7
d4c4558a94c845fcf3a5079a99e98e96c7168b1e254ee37668c78165f2546db4
GET /npe/bonuscredit/bonuscredit-v579100.js HTTP/1.1
Host: pt-static3.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:10 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 08:34:03 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63d23afb-61a9"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
lsc-edge-95-128-120-37.dditscdn.com/memberChat/jasmin93ec9d29-9b11-4750-a183-b8ae3d938e2f5699831eeec2f404843a8349aa734089?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjAuMzciLCJuaWNrIjoiOTNlYzlkMjktOWIxMS00NzUwLWExODMtYjhhZTNkOTM4ZTJmIiwiaGFzaCI6IjU2OTk4MzFlZWVjMmY0MDQ4NDNhODM0OWFhNzM0MDg5IiwianRpIjoxMjI1NjEyODY0MzkwMjAzLCJpYXQiOjE2NzQ4OTI1NzIsImV4cCI6MTY3NDg5MjYzMn0.SQCJAPjvbVBcR4NQVLqoP3qMxC0X8PDwlFowb2VtvoQ
95.128.120.37101 Switching Protocols 0 B URL HTTP/1.1 lsc-edge-95-128-120-37.dditscdn.com/memberChat/jasmin93ec9d29-9b11-4750-a183-b8ae3d938e2f5699831eeec2f404843a8349aa734089?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjAuMzciLCJuaWNrIjoiOTNlYzlkMjktOWIxMS00NzUwLWExODMtYjhhZTNkOTM4ZTJmIiwiaGFzaCI6IjU2OTk4MzFlZWVjMmY0MDQ4NDNhODM0OWFhNzM0MDg5IiwianRpIjoxMjI1NjEyODY0MzkwMjAzLCJpYXQiOjE2NzQ4OTI1NzIsImV4cCI6MTY3NDg5MjYzMn0.SQCJAPjvbVBcR4NQVLqoP3qMxC0X8PDwlFowb2VtvoQ
IP 95.128.120.37:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /memberChat/jasmin93ec9d29-9b11-4750-a183-b8ae3d938e2f5699831eeec2f404843a8349aa734089?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkb2NsZXIubHNjLmFwaSIsImF1ZCI6Ijk1LjEyOC4xMjAuMzciLCJuaWNrIjoiOTNlYzlkMjktOWIxMS00NzUwLWExODMtYjhhZTNkOTM4ZTJmIiwiaGFzaCI6IjU2OTk4MzFlZWVjMmY0MDQ4NDNhODM0OWFhNzM0MDg5IiwianRpIjoxMjI1NjEyODY0MzkwMjAzLCJpYXQiOjE2NzQ4OTI1NzIsImV4cCI6MTY3NDg5MjYzMn0.SQCJAPjvbVBcR4NQVLqoP3qMxC0X8PDwlFowb2VtvoQ HTTP/1.1
Host: lsc-edge-95-128-120-37.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://crprt.livejasmin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xywdwtGeaYKp4jb6dyzICQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 28 Jan 2023 07:56:12 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tGzX/GS4IHnqodIdOZ+0fe6kBBA=
Server: unknown
ngs-edge-95-128-121-21.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMS0yMS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN4bE1tTXhOelU0TVMxak5ETTBMVFF6WldFdE9UVmtPQzB4WldJMFpUYzFOV0l3TlRNc01TdzFaamd3TnpreE5TeHJNM2syTlhvM09HdEpZMFJqVVdZd05raEdXR3RrY25Ca1ZEUTkiLCJzdHJlYW1JZCI6IjZiNDViOTZiLTM0NDMtNGY3OS1hZWU1LTdiMDlmM2U3YjljMCIsImNJZCI6IjN2ZXJ5Yms4ZDFyMm04YXgiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzQ4OTI1NzIsImV4cCI6MTY3NDg5MjYzMn0.3Zye-MB-go8qDkwqH3wfKWU-jkqx_RU9gRaEn_38CR4?
95.128.121.21101 Switching Protocols 0 B URL HTTP/1.1 ngs-edge-95-128-121-21.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMS0yMS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN4bE1tTXhOelU0TVMxak5ETTBMVFF6WldFdE9UVmtPQzB4WldJMFpUYzFOV0l3TlRNc01TdzFaamd3TnpreE5TeHJNM2syTlhvM09HdEpZMFJqVVdZd05raEdXR3RrY25Ca1ZEUTkiLCJzdHJlYW1JZCI6IjZiNDViOTZiLTM0NDMtNGY3OS1hZWU1LTdiMDlmM2U3YjljMCIsImNJZCI6IjN2ZXJ5Yms4ZDFyMm04YXgiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzQ4OTI1NzIsImV4cCI6MTY3NDg5MjYzMn0.3Zye-MB-go8qDkwqH3wfKWU-jkqx_RU9gRaEn_38CR4?
IP 95.128.121.21:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMS0yMS5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN4bE1tTXhOelU0TVMxak5ETTBMVFF6WldFdE9UVmtPQzB4WldJMFpUYzFOV0l3TlRNc01TdzFaamd3TnpreE5TeHJNM2syTlhvM09HdEpZMFJqVVdZd05raEdXR3RrY25Ca1ZEUTkiLCJzdHJlYW1JZCI6IjZiNDViOTZiLTM0NDMtNGY3OS1hZWU1LTdiMDlmM2U3YjljMCIsImNJZCI6IjN2ZXJ5Yms4ZDFyMm04YXgiLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzQ4OTI1NzIsImV4cCI6MTY3NDg5MjYzMn0.3Zye-MB-go8qDkwqH3wfKWU-jkqx_RU9gRaEn_38CR4? HTTP/1.1
Host: ngs-edge-95-128-121-21.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://crprt.livejasmin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pyPT8l2cGeaCfx+RpnWuBg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 28 Jan 2023 07:56:12 GMT
Connection: upgrade
server: ngs-h5live-proxy
Upgrade: websocket
Sec-WebSocket-Accept: +eAVHwlAWQn69cutP2pA6jSvM6Q=
pt-static3.jsmsat.com/npe/pu/fslf/css/fslf.jsm-v579100.css
93.93.51.201200 OK 5.3 kB URL HTTP/2 pt-static3.jsmsat.com/npe/pu/fslf/css/fslf.jsm-v579100.css
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type ASCII text, with very long lines (24296), with no line terminators
Hash ba7590e4fe1fd8c5c9f1f6bee9a824c8
63fb5f169388aee9dfb18f18f592c06dc8e95541
5ae3e41b07e1be97124f99b448e30d2c3302450adce315d0b0a5c9ba2b6e7097
GET /npe/pu/fslf/css/fslf.jsm-v579100.css HTTP/1.1
Host: pt-static3.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:11 GMT
content-type: text/css
last-modified: Thu, 26 Jan 2023 08:34:03 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63d23afb-5ee8"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ngs-edge-95-128-120-20.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC0yMC5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3ME56STFZVFU1T0MweE5qY3lMVFF6TW1RdFlUbGlNaTB3TW1RMU1UVXpOalprT1dNc01TdzFaamd3TnpneE5DeFNSV2d4TnpGd1VsSXJaa2xRTW5VM1dESXJUVUZ0ZEhwU1VqZzkiLCJzdHJlYW1JZCI6ImM2MDMyYmM2LTEyYWYtNDFkZC1hYWY4LWM5NDA4ODAzY2NlMSIsImNJZCI6IjBybWw5bzdia3VqbTF3dG8iLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzQ4OTI1NzMsImV4cCI6MTY3NDg5MjYzM30.7FfZSGj-Wb0PMHNlJyoRfnqs1rXmL3-UBB1fIQCYX6c?
95.128.120.20101 Switching Protocols 0 B URL HTTP/1.1 ngs-edge-95-128-120-20.dditscdn.com/eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC0yMC5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3ME56STFZVFU1T0MweE5qY3lMVFF6TW1RdFlUbGlNaTB3TW1RMU1UVXpOalprT1dNc01TdzFaamd3TnpneE5DeFNSV2d4TnpGd1VsSXJaa2xRTW5VM1dESXJUVUZ0ZEhwU1VqZzkiLCJzdHJlYW1JZCI6ImM2MDMyYmM2LTEyYWYtNDFkZC1hYWY4LWM5NDA4ODAzY2NlMSIsImNJZCI6IjBybWw5bzdia3VqbTF3dG8iLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzQ4OTI1NzMsImV4cCI6MTY3NDg5MjYzM30.7FfZSGj-Wb0PMHNlJyoRfnqs1rXmL3-UBB1fIQCYX6c?
IP 95.128.120.20:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /eyJhbGciOiJIUzI1NiJ9.eyJhbGxvd0g1TGl2ZVByb3h5Ijp0cnVlLCJvcmlnaW4iOiIqIiwic2VydmVyIjoid3NzOi8vbmdzLWVkZ2UtOTUtMTI4LTEyMC0yMC5kZGl0c2Nkbi5jb20iLCJ0b2tlbklkIjoiTUN3ME56STFZVFU1T0MweE5qY3lMVFF6TW1RdFlUbGlNaTB3TW1RMU1UVXpOalprT1dNc01TdzFaamd3TnpneE5DeFNSV2d4TnpGd1VsSXJaa2xRTW5VM1dESXJUVUZ0ZEhwU1VqZzkiLCJzdHJlYW1JZCI6ImM2MDMyYmM2LTEyYWYtNDFkZC1hYWY4LWM5NDA4ODAzY2NlMSIsImNJZCI6IjBybWw5bzdia3VqbTF3dG8iLCJhdWQiOiJ2aWV3ZXIiLCJpc3MiOiJkb2NsZXIuc3RyZWFtaW5nLnN0cmVhbWNvbnRyb2xsZXIiLCJpYXQiOjE2NzQ4OTI1NzMsImV4cCI6MTY3NDg5MjYzM30.7FfZSGj-Wb0PMHNlJyoRfnqs1rXmL3-UBB1fIQCYX6c? HTTP/1.1
Host: ngs-edge-95-128-120-20.dditscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://crprt.livejasmin.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mC/drKsG6kqI9o0azBkYMA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 28 Jan 2023 07:56:13 GMT
Connection: upgrade
server: ngs-h5live-proxy
Upgrade: websocket
Sec-WebSocket-Accept: max08sK9LMXaydiSGRh/YuTILSQ=
api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f&bannedPerformers[]=AmandaCream&bannedPerformers[]=CarolynePetite&bannedPerformers[]=2e4b0e16-528a-4739-b73f-533e66504706&bannedPerformers[]=IrisDiamond&bannedPerformers[]=a56bafdd-c10e-48da-9436-3ab9b0d5902c
93.93.51.225200 OK 590 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f&bannedPerformers[]=AmandaCream&bannedPerformers[]=CarolynePetite&bannedPerformers[]=2e4b0e16-528a-4739-b73f-533e66504706&bannedPerformers[]=IrisDiamond&bannedPerformers[]=a56bafdd-c10e-48da-9436-3ab9b0d5902c
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JSON data\012- , ASCII text, with very long lines (808), with no line terminators
Hash 5b8a2ed49ad6bc6168f99ea89e7301e4
397487c64e4eea145619e9bf92fd8bf910bd50cd
793f3999122e53e580ff22ae6bfeb880ef5b74ba02a7b794966f72c9d5514b5f
GET /v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f&bannedPerformers[]=AmandaCream&bannedPerformers[]=CarolynePetite&bannedPerformers[]=2e4b0e16-528a-4739-b73f-533e66504706&bannedPerformers[]=IrisDiamond&bannedPerformers[]=a56bafdd-c10e-48da-9436-3ab9b0d5902c HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crprt.livejasmin.com/
Origin: https://crprt.livejasmin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:13 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f&bannedPerformers[]=AmandaCream&bannedPerformers[]=CarolynePetite&bannedPerformers[]=2e4b0e16-528a-4739-b73f-533e66504706&bannedPerformers[]=IrisDiamond&bannedPerformers[]=a56bafdd-c10e-48da-9436-3ab9b0d5902c
93.93.51.225200 OK 600 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f&bannedPerformers[]=AmandaCream&bannedPerformers[]=CarolynePetite&bannedPerformers[]=2e4b0e16-528a-4739-b73f-533e66504706&bannedPerformers[]=IrisDiamond&bannedPerformers[]=a56bafdd-c10e-48da-9436-3ab9b0d5902c
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JSON data\012- , ASCII text, with very long lines (815), with no line terminators
Hash 1d2321c0b84590806c8fbe638f8dfb2e
369f03d88f6b820a3f1d7cde7c732035d60c5bc5
75a2bc8c4dd8fef92eb3444b598d7417ff71106f234843cb26bf720285845ca0
GET /v2/player/performer/search?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&bannedPerformers[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f&bannedPerformers[]=AmandaCream&bannedPerformers[]=CarolynePetite&bannedPerformers[]=2e4b0e16-528a-4739-b73f-533e66504706&bannedPerformers[]=IrisDiamond&bannedPerformers[]=a56bafdd-c10e-48da-9436-3ab9b0d5902c HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crprt.livejasmin.com/
Origin: https://crprt.livejasmin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:14 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/XEXvawa.js
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/XEXvawa.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /XEXvawa.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 11:24:59 GMT
etag: W/"63761a0b-478b9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9e68c5632e1f9f77f8da043a0495769a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: sZbTYV6O2VpK83wlD89T_Pjy9xVaQEiugTEmCIcDasrU7Ns13Bx1jA==
age: 4203355
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/cZAjeQ7.js
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/cZAjeQ7.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /cZAjeQ7.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: application/javascript
last-modified: Tue, 13 Dec 2022 09:50:49 GMT
etag: W/"63984af9-29f99"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 990c1aa70667fe4e8f93d88ac8400fc4.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: JNgb9m6kzYNZOcJ9FVNF7tJfoglT_eMOu1Xn67lmbi7hUa_JFqNrtw==
age: 3025516
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/settings/377391
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/settings/377391
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/settings/377391 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Z3QeLRd88RE7VI8xHchvs49H7Ysofm8Pujvfa19oR9hrAAFCwCR51EOwO6xS4UNr4eqCCzC1oJpqLJRFeLe91A==
date: Sat, 28 Jan 2023 07:56:08 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tsyndicate.com/do2/4f374a23cf56497b89d53e89be5502a2/vast?
136.243.75.209200 OK 0 B URL HTTP/2 tsyndicate.com/do2/4f374a23cf56497b89d53e89be5502a2/vast?
IP 136.243.75.209:0
ASN #24940 Hetzner Online GmbH
GET /do2/4f374a23cf56497b89d53e89be5502a2/vast? HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: application/xml; charset=utf-8
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-vast: 3.0
x-request-id: 32d333e21b39505f
set-cookie: ts_uid=210bc7ff-4a17-40e3-b1a8-ed85aa57595c; expires=Fri, 28 Jul 2023 07:56:09 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCx5YZMmbMiFFjRhcWIsYU3BLjoYgyE2PYuEEjxw0cOWzk6NJH; expires=Sun, 29 Jan 2023 07:56:09 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
www.xxxfiles.com/videos/145998/a7195687f4fba01f71d35a3d1e5ee304/?sid=12320
172.67.194.240200 OK 0 B URL HTTP/2 www.xxxfiles.com/videos/145998/a7195687f4fba01f71d35a3d1e5ee304/?sid=12320
IP 172.67.194.240:0
GET /videos/145998/a7195687f4fba01f71d35a3d1e5ee304/?sid=12320 HTTP/1.1
Host: www.xxxfiles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: text/html; charset=utf-8
set-cookie: PHPSESSID=mevv8q15s003b7apjvpsg7k0je; path=/; domain=.xxxfiles.com; SameSite=Lax
second_643539=true; expires=Sat, 28-Jan-2023 08:04:39 GMT; Max-Age=0; path=/
kt_qparams=id%3D145998%26dir%3Da7195687f4fba01f71d35a3d1e5ee304%26sid%3D12320; expires=Sun, 29-Jan-2023 08:04:40 GMT; Max-Age=86400; path=/; domain=.xxxfiles.com; SameSite=Lax
kt_ips=91.90.42.154; expires=Sun, 29-Jan-2023 08:04:40 GMT; Max-Age=86400; path=/; domain=.xxxfiles.com; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4xXQaHKD6XClJ2X1gbmuInmhxyIOKmQXzXDKW%2Fnc3RktlK%2BLg61PQO4vpk1ifgRPEFkYe5zrhXa30ZWwq78IB5JaNU4CQaLQ6I42GH8VdHWFSV9hghNI27%2BwVew7vsEK9l%2FR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b68ff4dfabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:08 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4320
last-modified: Sat, 28 Jan 2023 06:44:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYZYOBpFah1Zd4jq2K%2F3C6xka3SjEXOvHgd8uAtKoQYJPYeOZB%2BbOmPJrEiRP9Dh6PJAz92uWa1oVkysDclP207D%2F8ZDaSHBcaXzlyjhInwGsaWh8kjhE6KwReSrSGYD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b794a097708-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?dsh=S168245378%3A1674892568492908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcevMw5u0wIl1YFk7SfKXZ6jMP78310pekF-CGi8XpYuP1lhHlLk1yamhC1vK4uZ5kmfYO74A
142.250.74.109403 Forbidden 0 B URL HTTP/2 accounts.google.com/v3/signin/identifier?dsh=S168245378%3A1674892568492908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcevMw5u0wIl1YFk7SfKXZ6jMP78310pekF-CGi8XpYuP1lhHlLk1yamhC1vK4uZ5kmfYO74A
IP 142.250.74.109:0
GET /v3/signin/identifier?dsh=S168245378%3A1674892568492908&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHcevMw5u0wIl1YFk7SfKXZ6jMP78310pekF-CGi8XpYuP1lhHlLk1yamhC1vK4uZ5kmfYO74A HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 28 Jan 2023 07:56:08 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Xffej3ioQQxra8GW2bJu3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi/external"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
twinrdsrv.com/banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41951&cid=b9c&rand=98629&ver=async&time=0&referrerurl=https%3A%2F%2Fwww.xxxfiles.com%2F&abr=false&curl=https%3A%2F%2Fwww.xxxfiles.com%2F
172.66.43.59200 OK 0 B URL HTTP/2 twinrdsrv.com/banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41951&cid=b9c&rand=98629&ver=async&time=0&referrerurl=https%3A%2F%2Fwww.xxxfiles.com%2F&abr=false&curl=https%3A%2F%2Fwww.xxxfiles.com%2F
IP 172.66.43.59:0
GET /banner.engine?id=4ce47ff2-c2e3-47a1-a9be-931241b17841&z=41951&cid=b9c&rand=98629&ver=async&time=0&referrerurl=https%3A%2F%2Fwww.xxxfiles.com%2F&abr=false&curl=https%3A%2F%2Fwww.xxxfiles.com%2F HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hegdcrxavrtk.cdnvideo3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=41b4b1f4-605d-41d4-8995-8b14066d9440; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure
ISSH=68EB5C; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Sat, 28-Jan-2023 11:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Fri, 28-Jan-2033 07:56:07 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4L2WZMam1NXwWKsl1FVN6grCk1cSTQea%2BhoY%2FZsThv3gbgqLuFtcMQsqCVrDCNyLYt0voujt6CSo5oTKD89LGdOXSxoZBhnhvWbeSoo3zA31b5%2BwXxj43dDuhNZ1qs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b732a2dfac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329586?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329586?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/329586?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.199.35200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:08 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4320
last-modified: Sat, 28 Jan 2023 06:44:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qWhmIdWVxw2HW%2FCwa0lpl%2BKOpyTAioLjdE7JHgQ49Bp80CAgSMmNfbeujYG7lKJh%2B%2FdQyZy1FEEisRmyuPh4LQjX9lGZGpjZKRMxqPQ%2BAgtMTZLobu5Y9NfNBzB4%2FS%2BF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b795a197708-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
172.64.166.9200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/software/us/ios/desk-new-big/js/script.js
IP 172.64.166.9:0
GET /sb/notifications/software/us/ios/desk-new-big/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxxfiles.com
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: application/javascript
last-modified: Wed, 17 Feb 2021 11:44:05 GMT
etag: W/"602d0185-183"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 164141
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVOn2Ksp8IC9LIq7n760R4MvcNakd%2F3SQPHOs7Gd2Tt2ktYIdbxANLmIyS6tJ6Me0eFvkvwmZ95vYv7SZQ%2F%2BwCT8WXktBU5FerU2ZgMBVzDgjFNp0AlmY0y5iRYyMecTN9Qm9gKCdT39"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79082b808fe274e1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
crprt.livejasmin.com/post/play/vip/tic?ms_rnd=1674892570.60727&pstool=400_320&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com
93.93.51.191200 OK 0 B URL HTTP/2 crprt.livejasmin.com/post/play/vip/tic?ms_rnd=1674892570.60727&pstool=400_320&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com
IP 93.93.51.191:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /post/play/vip/tic?ms_rnd=1674892570.60727&pstool=400_320&psid=ed_trronintdtno&utm_source=tr&category=girl&site=jsm&utm_medium=network&subaffid=10565_xxxfiles.com&origin=twinrdsrv.com HTTP/1.1
Host: crprt.livejasmin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crjpgate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache
date: Sat, 28 Jan 2023 07:56:10 GMT
server: unknown
set-cookie: psui=a59f007fbf3384ccc33cc586d5d348f0; Path=/; Expires=Mon, 27-Feb-23 07:56:10 GMT; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2
unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js
104.16.125.175200 OK 0 B URL HTTP/2 unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js
IP 104.16.125.175:0
GET /silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Wed, 10 Jan 2018 00:56:00 GMT
etag: W/"5329-e6FW82qZOTCVRh707R8p5aJnMuY"
via: 1.1 fly.io
fly-request-id: 01G7549ZE3WWN11S6HGDRQ6KSN-fra
cf-cache-status: HIT
age: 17936588
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 79082b6c2847b51b-OSL
content-encoding: br
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/Ka0q1Ad.js
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/Ka0q1Ad.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /Ka0q1Ad.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: application/javascript
last-modified: Thu, 17 Nov 2022 11:24:59 GMT
etag: W/"63761a0b-478b9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9e68c5632e1f9f77f8da043a0495769a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: sZbTYV6O2VpK83wlD89T_Pjy9xVaQEiugTEmCIcDasrU7Ns13Bx1jA==
age: 4203355
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/8sq5gA5.js
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/8sq5gA5.js
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /8sq5gA5.js HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: application/javascript
last-modified: Tue, 13 Dec 2022 09:50:49 GMT
etag: W/"63984af9-29f99"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
vary: Accept-Encoding, Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 990c1aa70667fe4e8f93d88ac8400fc4.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: JNgb9m6kzYNZOcJ9FVNF7tJfoglT_eMOu1Xn67lmbi7hUa_JFqNrtw==
age: 3025516
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/309159?host=www.xxxfiles.com&ev=197&wh=939&ww=1280&uuid=&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/309159?host=www.xxxfiles.com&ev=197&wh=939&ww=1280&uuid=&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/309159?host=www.xxxfiles.com&ev=197&wh=939&ww=1280&uuid=&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/12439818116959383095/997762?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/12439818116959383095/997762?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/12439818116959383095/997762?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pt-static4.jsmsat.com/npe/pu/tic-vip-show/script/pu.ticvipshow-v579100.js
93.93.51.201200 OK 0 B URL HTTP/2 pt-static4.jsmsat.com/npe/pu/tic-vip-show/script/pu.ticvipshow-v579100.js
IP 93.93.51.201:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /npe/pu/tic-vip-show/script/pu.ticvipshow-v579100.js HTTP/1.1
Host: pt-static4.jsmsat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://crprt.livejasmin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:11 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 08:34:03 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"63d23afb-38303"
access-control-allow-origin: *
server: unknown
x-cdn-node: sesto
x-cache-status: R-HIT
content-encoding: gzip
X-Firefox-Spdy: h2
api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f
93.93.51.225200 OK 0 B URL HTTP/2 api-protected.protoawegw.com/v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f
IP 93.93.51.225:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
GET /v2/player/performer/get?noRedirect=1&mitigable=1&includeTestAccounts=0&product=livejasmin&presets=&certified=0&hotDeal=0&preVipShow=0&ngs=1&pstool=400_18&psid=ed_trronintdtno&streamType=rtmp&category=girl&performerIds[]=93ec9d29-9b11-4750-a183-b8ae3d938e2f HTTP/1.1
Host: api-protected.protoawegw.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://crprt.livejasmin.com/
Origin: https://crprt.livejasmin.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:12 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: OPTIONS, GET, POST, PUT, DELETE, PATCH
server: unknown
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/329584?p=1&s1=%subid1%&kw=
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/329584?p=1&s1=%subid1%&kw= HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: nauid=07T48BNJtk81GgX2SLgk; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.199.35200 OK 0 B IP 172.64.199.35:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:56:08 GMT
content-type: text/plain
set-cookie: csu=1685721468123282@1@1674892568; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.xxxfiles.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XhfMNf1iw%2BBNTSo4Ycl7rFQtR4B%2BOF7SXYT9mX7BxC0wTKLssq5Vf0ar1ygHlQ2hJXVoyn6Em4yhtmLl8yUfGHqqhMHB6BsX7va8161pvjtXLXQi4kvllmDrWzJHHrtJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79082b7a5b0d7708-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/12439818116959383095/997745?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/12439818116959383095/997745?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/12439818116959383095/997745?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/410357?host=www.xxxfiles.com&ev=197&wh=939&ww=1280&uuid=&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/410357?host=www.xxxfiles.com&ev=197&wh=939&ww=1280&uuid=&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/410357?host=www.xxxfiles.com&ev=197&wh=939&ww=1280&uuid=&kw=Blowjob%2Ccum%20in%20mouth%2CEbony%2Cnatural%20tits%2Coil%2Cadulttime.com%2Cnurumassage.com%2Cnurumassage%2CDemi%20Sutra%2CCodey%20Steele&s1=%25subid1%25 HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
unpkg.com/silvermine-videojs-quality-selector/dist/js/silvermine-videojs-quality-selector.min.js
104.16.125.175302 Found 0 B URL HTTP/2 unpkg.com/silvermine-videojs-quality-selector/dist/js/silvermine-videojs-quality-selector.min.js
IP 104.16.125.175:0
GET /silvermine-videojs-quality-selector/dist/js/silvermine-videojs-quality-selector.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.xxxfiles.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 28 Jan 2023 07:56:06 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GQVNKVHJAWM39X9T8WEYMZQ0-fra
cf-cache-status: HIT
age: 422
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 79082b6b1eeab51b-OSL
X-Firefox-Spdy: h2
hegdcrxavrtk.cdnvideo3.com/api/spots/12439818116959383095/997869?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
135.181.208.216200 OK 0 B URL HTTP/2 hegdcrxavrtk.cdnvideo3.com/api/spots/12439818116959383095/997869?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/12439818116959383095/997869?fill=0&kw=Blowjob,cum%20in%20mouth,Ebony,natural%20tits,oil,adulttime.com,nurumassage.com,nurumassage,Demi%20Sutra,Codey%20Steele HTTP/1.1
Host: hegdcrxavrtk.cdnvideo3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.xxxfiles.com/
Origin: https://www.xxxfiles.com
Connection: keep-alive
Cookie: nauid=7L5mIom56rEFN5rNHwyf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:56:09 GMT
content-type: text/xml
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-origin: https://www.xxxfiles.com
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2